Most cyber security nerds are familiar with the Mr. Robot series; if
you don't know it yet, here's a brief summary:
Elliot Alderson is a young man living in New York City who works at the cybersecurity company "Allsafe" as a cybersecurity engineer. Constantly
struggling with social anxiety, he connects to people by hacking them,
which often leads him to act as a cyber-vigilante. He is recruited by a
mysterious insurrectionary anarchist known as Mr. Robot and joins his
team of hacktivists known as "fsociety". One of their missions is to
cancel all consumer debt by encrypting all the data of one of the
largest corporations in the world, "E Corp" (which Elliot perceives as
Evil Corp), which also happens to be Allsafe's biggest client.
Table of Contents:
- ping tool
- elpscrk tool
- w3brute tool
Introduction :
First of all, let's separate the real tools from the fictional ones: in this series we will be facing a lot of fictional tools. My task here is to link them to reality and test with a similar tool.
[+] First Tool #elpscrk :
In the first hacking scene of episode 1, Elliot attempts to find out the password of his therapist, "Krista Gordon",
by typing these commands, so let's explain the commands in the screen below:
He is using the Linux operating system (favorite OS for hackers :D). It doesn't matter which distro he is using because they all do the same; the difference between one distro and another is the built-in tools. You can read more about Linux OS from here.
So we are going to explain line by line...
Before Elliot uses the "elpscrk" tool, he tests the availability of the IP 222.12.154.102 with the ping command.
ping: used to test the reachability of a host on an Internet Protocol network.
As we see, he got a reply with the domain name "ev.e-bnk.org" for the IP address; this operation is called RDNS (reverse DNS). So he makes sure the website is alive before doing his brute force attack.
After making sure the website is alive, he starts to generate custom passwords for his victim using the "elpscrk" tool. In the screen above he used "elpscrk" for multiple purposes, like generating the passwords and brute forcing them, but I think this tool does not exist, so we are going to simulate with similar tools.
I found this similar tool for making a dictionary with custom inputs related to the target; it is called elpscrk too.
Let's give it a try: you can download this tool from GitHub or type this line in your terminal:
[*] How it works :
In simple words, elpscrk will ask you for all the info you
know about your target, then will try to generate every possible password
the target could think of. It all depends on the information you give,
the flags you activate, and the level of complication you specify.
There are 6 levels of complication in elpscrk, one for each
type of target out there, starting from the simple person, which is the
default, to the nerd person, the paranoid person, up to the final boss level,
the nuclear level, which could generate 1000000 passwords or more.
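Seen from the defender's side, the same idea becomes a password-policy check: refuse a new password that is built from facts the account already holds about its owner. The sketch below is an added example, not code from elpscrk or from this post; the profile fields, the look-alike character table and the 4-character minimum are assumptions.

```python
import re

# Look-alike characters folded to one letter before comparing (assumed set).
FOLD = str.maketrans({"0": "o", "1": "i", "!": "i", "l": "i", "3": "e",
                      "4": "a", "@": "a", "5": "s", "$": "s", "7": "t"})


def fold(text):
    """Lowercase, fold look-alikes, and keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(FOLD))


def personal_tokens(profile, min_len=4):
    """Return ({folded word: original}, {digit runs}) from profile values."""
    words, numbers = {}, set()
    for value in profile.values():
        for part in re.split(r"[\s\-_/.,]+", str(value)):
            if part.isdigit():
                if len(part) >= min_len:
                    numbers.add(part)
            elif len(fold(part)) >= min_len:
                words[fold(part)] = part.lower()
    return words, numbers


def personal_parts(password, profile, min_len=4):
    """List profile tokens found in the password, forwards or reversed."""
    words, numbers = personal_tokens(profile, min_len)
    pw_letters = fold(password)
    pw_digits = re.sub(r"\D", "", password)
    hits = {orig for key, orig in words.items()
            if key in pw_letters or key[::-1] in pw_letters}
    hits |= {num for num in numbers
             if num in pw_digits or num[::-1] in pw_digits}
    return sorted(hits)


# Constructed sample profile, not data from the post.
PROFILE = {"first_name": "Dana", "last_name": "Whitfield",
           "pet": "Biscuit", "birth_date": "1986-09-17"}

if __name__ == "__main__":
    for candidate in ("B1scu1t_6891!", "whitfield86", "tangerine-ladder-42"):
        print(candidate, "->", personal_parts(candidate, PROFILE) or "ok")
```

A non-empty result means the password should be rejected at registration or change time; short tokens can produce false positives, which is why anything under four characters is ignored.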
After downloading the tool, the result will look like this:
Then you can go to the tool's directory by typing the [cd] command and the directory name.
After moving to the tool directory, we execute the tool using python3 and fill in the required inputs like the screen below. The tool will generate a file with possible passwords; you will find the file in the same directory with the name "passwords.txt".
The result will look like this:
We finished the first stage, which is creating custom passwords. Now we come to the second stage,
which is to try to log in to a website with a specific username and the multiple passwords that we created before, like the screen above, and that is what happened in the scene. But I didn't find that tool available, so we will simulate with a different tool that does the same thing, which is submitting many passwords or passphrases with the hope of eventually guessing correctly.
We are going to use a very similar tool to brute force the login page of any website; that tool is called "w3brute".
You can download this tool from GitHub or type this line in your terminal:
After downloading the tool, change to the w3brute directory and then run it with python like the screen below.
Let's have some fun. I have built a little web application login page to perform our hack on; I will set the username to "admin" and the password to "maakthon", to look similar to the Mr. Robot scene.
To explore the tool you can type [python w3brute.py -h]; it will show the tool's help manual.
Now let's pass the needed arguments: [URL, Username, Passwords file]
Explanation of the line:
[*] w3brute.py : The tool name
[*] -t : for target url
[*] -u : for specific username or a list of usernames
[*] -p : for specific password or a list of passwords (we will use the file we have generated before)
After attempting a lot of passwords we got it...