I am using Hydra v8.1 downloaded and compiled from a tar file. I've managed to solve the standard problem of libssh support and now when I try to make an attack(I think it's called dictionary attack) on an SSH server, after specifying the following command:
hydra -l {username} -s {port} -P /Users/{UserName}/Desktop/{file}.txt {ip} ssh
I get the following output:
Hydra v8.1 (c) 2014 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2015-09-30 10:59:49
[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4
[DATA] max 7 tasks per 1 server, overall 64 tasks, 7 login tries (l:1/p:7), ~0 tries per task
[DATA] attacking service ssh on port {port}
[ERROR] target ssh://{ip}:{port}/ does not support password authentication
I have enabled support for the required libraries and I am running an OS X environment.
Can someone indicate a solution to this problem? Thank you.
Note: If I manually log in with the username and password, the authentication grants access to the server.
from another board:
https://security.stackexchange.com/questions/183848/hydra-fails-with-error-target-ssh-192-168-16-12822-does-not-support-passw
SSH supports several different authentication mechanisms. The password authentication mechanism has the client send the password to the server as a password. The more-common keyboard-interactive authentication mechanism opens a channel between the client and an authentication process on the server. The client allows the user to directly interact with the authentication process, which is usually just a password prompt. This allows more complex features like multiple-factor authentication and pre-authentication warnings and checks.
So your target probably supports keyboard-interactive and not password authentication.
Related
I am automating a build process. The process requires deployment of application to a server, after deployment a few scripts have to be executed to share and provide permissions on the server. The scripts run when I login via domain user through powershell.I am using Jenkins for the CI/CD process. I want to include my domain credentials to run the scripts on the server. I have also used the active directory plugin, and can login with my domain credentials but still I am not able to establish a remote connection with the server.
My script is
Enter-PSSession -ComputerName ATKT-WS-20
Invoke-Expression -Command .\FolderSharingScript.ps1
Enter-PSSession : Connecting to remote server ATKT-WS-20 failed with the following error message : WinRM cannot
process the request. The following error with errorcode 0x8009030e occurred while using Kerberos authentication: A
specified logon session does not exist. It may already have been terminated.
Possible causes are:
-The user name or password specified are invalid.
-Kerberos is used when no authentication method and no user name are specified.
-Kerberos accepts domain user names, but not local user names.
-The Service Principal Name (SPN) for the remote computer name and port does not exist.
-The client and remote computers are in different domains and there is no trust between the two domains.
After checking for the above issues, try the following:
-Check the Event Viewer for events related to authentication.
-Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or
use HTTPS transport.
Note that computers in the TrustedHosts list might not be authenticated.<
I have also added the machine name in the trustedhosts. How can I include the domain credential in Jenkins jobs?
The solution turned out to be not to use PowerShell's remoting at all, but instead rely on the remoting built into Jenkins:
Connect the remote machine as a Jenkins agent to the Jenkins server, running the agent executable as the desired domain user.
On the Jenkins server, ensure that your job is configured to run on the remote machine, using a label expression.
Assuming the PowerShell plugin is installed, you can then send PowerShell code as-is to the remote machine - no need for PowerShell sessions, credentials, ...
I want to install hadoop 2.6 in pseudo-distributed mode on my Mac following the instruction found in the blog http://zhongyaonan.com/hadoop-tutorial/setting-up-hadoop-2-6-on-mac-osx-yosemite.html
The blogger suggests to execute the commands:
$ ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa
$ cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
to allow ssh connection to localhost without password. I don't know anything about ssh, sorry for the very basic following concern. Can anyone please tell me:
Is it secure to run these command? Or I am granting any kind of public remote access to my pc? (I told you it was a very basic question)
How can I undo the authorisation I previously granted with these commands?
First and foremost, no Hadoop is secure without Kerberos. That's not closely related to what you're doing generating SSH keys.
In any case, SSH keys require you to have both a public and private key. No one can access the cluster without the generated private key. And no one can access the cluster if their key isn't in the authorized file.
To put it simply, the commands are only as secure as the computer you're running them on. For example, some bad actor could be remotely coping all generated SSH keys on the system.
These passwordless SSH keys are for the hadoop services to communicate between each other within the cluster, and each process should be ran with limited system access anyway, not elevated / root privileges.
You undo the operation by ultimately destroying the key, but you can prevent access by just removing the entry from the authorized file
i cant connect to my application on openshift using rhc command
here is what i get when trying to connect
C:\Users\soulhiS>rhc ssh myapp
DL is deprecated, please use Fiddle
RSA 1024 bit CA certificates are loaded due to old openssl compatibility
Connecting to 56e736655650001b4#myapp-mydomain.rhcloud.com ...
Using username "56e736655650001b4".
FATAL ERROR: Disconnected: No supported authentication methods available(server sent: publickey,gssapi-keyex,gssapi-with-mic)
Make sure that your ssh key is accessible (run the command line as administrator, if needed) and it is the one OpenShift expects - i.e. check that a corresponding public key is uploaded to OpenShift. For uploading your public ssh key to OpenShift, you can run rhc setup.
I need to run curl commands from a Windows server to an API on a Linux box. When I am on my workstation I just run a kinit and give my user name and pwd for the Kerberos realm.
I have automated scripts in which I need to run a kinit before running the Powershell script. I do not want any manual intervention. I am trying to create a keytab file with my Kerberos account but it is not working -
I am receiving the error message "No key table entry found for user#domain.net while getting initial credentials.
I really don't understand much about Kerberos, and whether the process cares that I am on a Windows server tryng to use a keytab file for this purpose.
Can someone help? I have been going a bit nuts with this...
Thanks for any help!
Look into your keytab if the principal there is the one you are going to use. klist -k -t <keytab>
You are obviously doing wrong. You have to obtain a curl binary for Windows which says with curl --version:
curl 7.46.0 ...
Protocols: http https ...
Features: SSPI Kerberos SPNEGO ...
That's it. Enable SPNEGO auth with curl --negotiate -u : <URL> and you are done. No keytab necessary on Windows.
I have an access to a preconfigured Windows XP 32-bit workstation.
It's under firewall and to get outside it uses http proxy server.
To get proxy settings I need host, port, username and password.
http: // username : password # server : port
I'm able to find the proxy url and port (from PAC - automatic config file),
but I don't know how to get username/password. Is there a way to read it somehow? At least username? I might get the admin rights.
Do you know any tool that can help?
I only found these MS docs about some methods to get proxy config connection, but I don't know how to determinate what's the provided credentials:
WinHttpGetIEProxyConfigForCurrentUser function
WINHTTP_CURRENT_USER_IE_PROXY_CONFIG structure
WinHttpGetProxyForUrl function
I've also found this lib, but it's rather for parsing PAC:
http://code.google.com/p/pacparser/
In windows you cannot get password.
To get connect throw a proxy you have to use SSPI, check libcurl, you can get a connected socket throw proxy, build it with enable-sspi and openssl.
Iterating on Fernando Sanchez's answer and Robert's comment, you need to authenticate via SSPI. In my case I've connected using NTLM using this link
With curl using ntlm :
curl.exe --proxy <proxy_name>:<proxy_port> --proxy-ntlm -U : https://www.google.com
Also to partially answer your question the -U : means from curl man page :
If you use a Windows SSPI-enabled curl binary and do either Negotiate
or NTLM authentication then you can tell curl to select the user name
and password from your environment by specifying a single colon with
this option: "-U :".
You can get the proxy name and port from the windows registry (regedit). Quote from Robert's comment:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings]
It can be present either in a manual way using REG_SZ ProxyServer or using an autoconfiguration script using REG_SZ AutoConfigURL = https://<configuration_url>
If the curl command above fails with Failure when receiving data from the peer maybe you have a curl release without NTLM, SSPI or OpenSSL. Try with the latest curl release