Tag: Windows XP

Posted on by 4 Comments

Virtual pentesting lab : Step by Step guide

Virtual pentesting lab is a lab created on a single system using any virtualization software. It can be very helpful for people practicing for CEH or similar certification. Any penetration testing lab has two machines, attacker and victim. In this lab we will set up Kali Linux as the attacker and Windows XP( most favorite victim machine ) as the victim. I am going to set up this lab in Vmware Workstation 9. Hope this will be helpful.

First of all install Kali Linux and Windows XP in Vmware Workstation.

Shut them down. In the Vmware Workstation menu, Select Edit” and click on Virtual Network editor.

The window below will open showing the virtual network adapters. Click on “Add network”.

Vmware provides nine virtual networks from 0 to 9. Vmnet0, Vmnet1 and Vmnet8 are automatically assigned for  bridged, Host-only and NAT types of network respectively. Select the network “Vmnet3″.

We can see that our network is added as Host-Type with a automatically assigned subnet IP.

Click on our network. We can see its settings below.

Deselect the option ‘Connect a host virtual adapter to the network’. This’. This‘.This will make our network a custom type. Change the subnet IP to 10.10.10.0( choice is yours).  Select the ‘Use local DHCP service to distribute IP address to VMs‘ option. This will automatically assign IP addresses to our machines. Click on ‘DHCP settings‘.

You will see the below window. Make changes if you like. I am going to leave it default. Click OK twice to exit.

We have successfully created our custom network. Now let’s add our machines to the network. Open the tab of Kali Linux and click on ‘network adapter‘ setting.

In the settings, select the ‘custom radio button and select the network Vmnet3 from the dropdown menu. Click on OK.

Do the same for Windows XP. Then let’s boot up our victim machine and check it’s IP address by typing ‘ipconfig‘ in the command line. The DHCP server has automatically assigned it the IP address 10.10.10.129.

Boot the attacker machine and check it’s IP address by typing ‘ifconfig’ in the terminal. It has been assigned the address 10.10.10.128.

Ping the victim IP machine (10.10.10.129) to see whether the two machines can communicate.

We have successfully created a virtual pentesting lab. Happy testing.

Posted on by

Password cracking with Brutus

Hi everybody, today I’m gonna show you remote password cracking with Brutus. For the newbies, script kiddie is a person with little knowledge  of hacking or any programming languages and instead searches for automatic tools to hack the computers. In this scenario, script kiddie is using a Windows XP machine and two tools Zenmap and Brutus available for free to download. As you will see, Zenmap is used for scanning for any open ports of  live machines and Brutus is a password cracker.

Imagine I am the script kiddie, I  first find out my own computer’s  ip address by typing the command “ipconfig” in the command line.

The ip address of my system happens to be 10.10.10.1. I decide to scan the following range of ip addresses to look for any live hosts. In the target option, I specify IP address as 10.10.10.2-10 and I choose profile as intense scan to get maximum information about the target. After performing the scan, the results show that only one system 10.10.10.3 is alive.

The scan  also shows that the victim machine which is LIVE is running a ftp server and its operating system is Windows XP.

I decide to use Brutus to crack the remote FTP password. Brutus has both dictionary and brute force attack options. I decide to choose dictionary attack since it is faster than brute forcing. Brutus comes with a built in username(users.txt) and password list(pass.txt).As the victim machine is running Windows XP which comes with a default administrator account, I decide to  add “administrator” to the users.txt file.

I choose type as FTP since I am about to crack a FTP server.

Then I select the file pass.txt containing some common passwords and just hope to crack the password.

Then after starting the cracker, Brutus runs and gives one positive authentication result.

Username : administrator

Password: 123456

Then I try to log into the FTP server of the remote machine using CMD with the authentication result achieved above.

I successfully logged into the FTP server. Once I am into the remote machine I try some FTP commands but before that I change my local directory to Desktop.

Then I use DIR command to list the directories in the FTP server.

There are four directories in the FTP server:Detroit, Images:lena and users. I  go to the users directory using command cd users and then list the files in the directory by using command ls. There is one text file named users.txt in the directory.

I decide to download the file users.txt to my machine using the command get users.txt. Since I had set my local directory to desktop it will be downloaded to Desktop.

Let’s see the contents of the users.txt file just downloaded. It contains some usernames and passwords.

In the same way, I enter into another directory of interest to me “Images” and download the only image present in it to my desktop.

In this way, I can download any number of files from the remote server to my local machine. That’s all for in password cracking with Brutus.