Teaching Cyber Security (Part 17)
This is the 17th post of a series for teaching cyber-security in a coding-club. Read [part 16]
Putting it all together
Combining it all
In this unit we'll use what we have learnt in the previous units of this module. You will finally have all the tools to complete your original mission!
Finding the server
Do you remember the tool we used to check if a server is up and running on the Internet? It's a part of the name of a game similar to tennis, but smaller.
Yes, it's ping.
So, if you ping our server, you should get 0% packet loss.
ping -c 5 example.org
Good! You found the server.
Entering the server
Next, for fixing the security, you have to get inside the server. Typically a sysadmin (The server administrator) will let you into the server by giving you a set of credentials. Usually the credentials are a username and a password.
Remember that if you try to log into a server without explicit permission, it could be considered a crime!
So, to log into the server you would use the ssh command, indicating the username with the server:
ssh username@server
You should first get the prompt. Then, you have to type the password, and finally, press the Enter key. If you can’t see the letters or stars as you type your password, don't worry. It is the default behavior when you have to login into an ssh server, so you have to make sure you use the right keystrokes and press enter when finished.
Authorization basics
Usually, without knowing the right password, whatever you type will be incorrect, so you have three chances to enter the right user and password, or you will be rejected. You can try again another combination, fail, and so on.
You can be sure that this won’t get you into the server. It would take too much time, you would get frustrated, so you have to try something different. Ok, let’s forget this strategy and think of another.
The new strategy
We have agreed that we can’t be thinking and typing, trying, over and over until we get exhausted. So, as a first step, we need a source to get words from. So, where could you find lots and lots of words? Yes, in a dictionary.
If you remember, we had a text file with english words, /usr/share/dict/american-english. We can use the words in this file for our purpose.
The pattern
Good passwords avoid any type of pattern. For example xna;weri21935y7213 is a good password, but horse is not. The attack you are planning is called a brute force attack. That is because it tries all possible words (without any insight). In this case, I will give you a hint. The pattern for the password is a dictionary word followed by a digit between 0 and 9. So, it can be “horse5” or “bar3”.
What can we do to produce words which follow such a pattern? Well, first, we have to read the words, and then, we have to add a number to the word. What can we use to accomplish this? Did you guess loops?
Reading the text file
Reading a text file line by line
We know how to view the contents of a text file, but we need to do something else for each line before reading the next one, but let’s go step by step. Let’s just read the content of the file:
cat /usr/share/dict/american-english
Do something inside a loop
Well, that was the easiest part. Now, let’s do something beyond printing every line. For this, we have to create a loop and do something. You might remember that we used the echo command which means print or show in the shell.
Instead of typing all the commands in the shell, we can save them to a file and run them later. The files containing shell programs should end with .sh, so let's create a file for your program.
touch mycode.sh
you should now see your file on your file manager, with all the other files in your main folder. You can edit it with any text editor (nano, gedit, etc).
Write the following inside your file:
for word in $(cat /usr/share/dict/american-english);do
echo “printing: $word”
done
When you are finished with editing, you can run the script from a terminal window by using “bash mycode.sh”, and you should see every line of the text file with the text “printing: “ right in front of each line.
Something else in the text
We have just seen how to perform an action on each item inside a loop. Now, we need the action to be to add a single digit instead of echoing the same text every time. Now, let’s remember how to create a loop for numbers:
for number in {0..9};do
echo $number
done
Now that we have learned both separate actions, we have to put them together. To have a number next to each word, we will use use a technique called nesting. It is about nesting a loop inside of another loop. Let’s see how it works:
for word in $(cat /usr/share/dict/american-english);do
for number in {0..9};do
echo “is the password $word$number?”
done
done
Can you see the results? Do you understand how it works? But how can you use these passwords on the secret server?
Trying combinations for the server
The script we have just written, loops through the dictionary and numbers and echoes what both loops have at the time. Our mission is to log into the server trying every single combination, until one works. Does it sound easy? Sadly, we need to face another problem before going further.
The automatic ssh login problem
If you just replace the echo command with the ssh command in your script (with the right parameters, of course), you will find that it doesn't work.
Why not? The ssh command doesn’t have a way to automatically supply a password for the server to read. For our mission, we need to install a tool that provides such capability. There’s more than one tool, but the easiest one is sshpass, so let’s proceed and install it.
sudo apt install sshpass
If you run the command sshpass in the shell, but add the option "-h" you will find a lot of information about how to use that program. If you read carefully, you should find:
- That the -p option, followed by the password, can be very helpful.
- That after the options, you have to type the command (
sshitself) - And that after the command, you have to type the arguments (i.e., the parameters for ssh to log into the server)
I hope you enjoyed this course. It should give you a good idea of all the tools that are used behind the scenes to manage servers, networks and to secure the Internet. Keep learning to become an awesome White Hat Hacker.