Follow us on Twitter!
One mans freedom fighter, another's terrorist.
Wednesday, October 18, 2017
Navigation
Home
 Find:
 Information:
Learn
Communicate
Submit
Shop
Challenges
 Exploit:
 Programming:
 Think:
 Track:
 Patch:
 Other:
 Need Help?
Other
Members Online
Total Online: 62
Guests Online: 60
Members Online: 2

Registered Members: 102501
Newest Member: R3v017
Latest Articles
View Thread

HellBound Hackers | Computer General | Hacking in general

Author

SSH Server - University Final Project

Benjisaur
Member

Your avatar

Posts: 7
Location:
Joined: 25.01.17
Rank:
Newbie
Posted on 25-01-17 20:00
Hi Guys,

I'm in my final year at University studying a Computer Science degree, for my final year project I've decided to examine different techniques used when people gain access to servers, what do they look for when they get in, do they download files if so what types of files are downloaded etc.

If anyone is interested I've acquired a server, I need some traffic going through it, attempting to 'hack' it, download some malware, etc, IP addresses will be logged how ever this is purely for academic research and they will not be revealed, I will only be using your countrywide location in my research nothing else, likewise any files that are downloaded I will only be examining their end goal not configuration files etc, and at the end of the project everything will be securely deleted leaving no traces.

I've had a few breaches so far and they've ran what appears to be the Mirai IoT malware and given me nothing to work with!

If there is some interest in this i'll post the IP address for the server, the ssh password is ridiculously easy and a simple brute force tool will be able to crack it in a matter of <1 hour, also the brute force would be god to monitor different types of passwords attempted Smile

B

Edited by Benjisaur on 25-01-17 20:02
Author

RE: SSH Server - University Final Project

Huitzilopochtli
Member



Posts: 1535
Location:
Joined: 19.02.13
Rank:
God
Posted on 26-01-17 00:57
Sounds interesting man..
Author

RE: SSH Server - University Final Project

rex_mundi
☆ Lucifer ☆



Posts: 2005
Location: Scotland
Joined: 20.02.08
Rank:
God
Posted on 26-01-17 04:07
Yeah go for it dude.
U N ⓡⓔⓧ_ⓜⓤⓝⓓⓘ
Author

RE: SSH Server - University Final Project

Benjisaur
Member

Your avatar

Posts: 7
Location:
Joined: 25.01.17
Rank:
Newbie
Posted on 26-01-17 07:55
Awesome, so as I say logs will be taken but nothing will be used to return back to you guys in anyway as this will help me out massively.

So,Ip is: 62.100.207.185

And as in previous the password is stupidly easy a simple common password list will break it, I'm not saying what it is as I need data for login attempts Smile

I should add, I was required to create a fake company so if someone does gain entry with malicious intent they wouldn't be alerted to the fact they were being logged, so when you gain access you will notice the host is HambledonFinancial, this is a fake company and has been made up for the purpose of this project!

Cheers guys,

B

Edited by Benjisaur on 26-01-17 09:38
Author

RE: SSH Server - University Final Project

Huitzilopochtli
Member



Posts: 1535
Location:
Joined: 19.02.13
Rank:
God
Posted on 26-01-17 13:10
a simple brute force tool will be able to crack it in a matter of <1 hour

1.3 seconds Thumbs Up

It runs frustratingly slowly on an android phone using juice for the ssh connection.

Edited by Huitzilopochtli on 26-01-17 14:23
Author

RE: SSH Server - University Final Project

Benjisaur
Member

Your avatar

Posts: 7
Location:
Joined: 25.01.17
Rank:
Newbie
Posted on 26-01-17 17:27
1.3 seconds! I knew it'd be fast, I had a sensible password for a month but had no hits so apparently needed to make it a bit easier!

Yeah, the server i'm paying for and what i've got appear to be two different things, it's slow from my end too! E-mailed them and they've said what I've got is normal, sounds like bs to me!

Also, any feedback on what I can do to improve the server to make it more realistic would be brill, I've had 3 hacks since posting and that's been fantastic, more is welcome though! Smile

Huitzilopochtli wrote:
It runs frustratingly slowly on an android phone using juice for the ssh connection.


Intrigued as to how you ran a brute force script on your android phone! Sounds interesting!

Edited by Benjisaur on 26-01-17 17:30
Author

RE: SSH Server - University Final Project

Huitzilopochtli
Member



Posts: 1535
Location:
Joined: 19.02.13
Rank:
God
Posted on 27-01-17 00:42
I used a version of NCrack https://forum.xda. . .1363768906 ported to Android.

And a Terminal Emulator https://play.goog. . .&hl=en

There are also IDE's that will let you run scripts and code written in almost any language on your Android phone these days man.

Welcome to the 21st century Thumbs Up

Edited by Huitzilopochtli on 27-01-17 03:04
Author

RE: SSH Server - University Final Project

Benjisaur
Member

Your avatar

Posts: 7
Location:
Joined: 25.01.17
Rank:
Newbie
Posted on 27-01-17 07:22
What a time to be alive! Cheers for that, very interesting Smile

B
Author

RE: SSH Server - University Final Project

Huitzilopochtli
Member



Posts: 1535
Location:
Joined: 19.02.13
Rank:
God
Posted on 28-01-17 19:08
I take it that this is just a VM we're logged into man ? Or do you spawn a new image for each new ip ?

Just noticed any changes to the file system seem to revert back if you're logged out.
Author

RE: SSH Server - University Final Project

Benjisaur
Member

Your avatar

Posts: 7
Location:
Joined: 25.01.17
Rank:
Newbie
Posted on 29-01-17 09:22
Yeah so I didn't want people who log in to attack it, who aren't from this post who have malicious intentions to think 'oh loads of people have attacked this maybe it's a bit too obvious I'm being logged' so after each log out it reverts back to original settings! Purely to avoid arousing suspicions.

B