Brief Summary
This video demonstrates how an ethical hacker, Kim, uses Hydra to brute-force a Windows 10 machine's Remote Desktop Protocol (RDP) and gain unauthorised access. The video covers network scanning with Nmap, preparing Hydra with SecLists for username and password lists, executing the brute-force attack, and finally, accessing the victim's machine. It concludes with essential security measures to protect against such attacks.
- Ethical hacking demonstration using Kali Linux and Hydra.
- Exploiting vulnerable RDP on a Windows 10 machine.
- Security measures to prevent brute-force attacks.
Prologue
The video opens by describing a scenario in a coffee shop where someone could be scanning the public Wi-Fi network for vulnerable machines with open doors like Remote Desktop Protocol (RDP). It introduces Hydra, a tool that can launch a brute-force attack to guess usernames and passwords until it breaks in, setting the stage for an ethical hacking demonstration.
Setup: Attacker and Victim
Kim, the ethical attacker, uses Kali Linux to target Sally's Windows 10 machine, which has Remote Desktop Protocol (RDP) enabled. The video identifies Sally's username as "Sally" and the computer name as "desktop W10" using the command prompt. It confirms that remote desktop is active and accepting connections in the settings menu, highlighting the vulnerability Kim will exploit.
Scanning the Network with Nmap
Kim needs to find Sally's machine IP address on the network. He first checks his own IP address to understand the subnet he's connected to, using the ipa command in the terminal. After determining he's on the 192.168.1.0/24 subnet, Kim uses Nmap to scan the local network for devices with port 3389 open, which is the port used by RDP. The command nmap -p 3389 192.168.1.0/24 identifies Sally's computer, providing Kim with the crucial IP address needed for the brute-force attack.
Preparing Hydra with SecLists
Hydra, a network login cracker, is introduced as a tool that tries millions of username and password combinations against a target service. To use Hydra effectively, Kim needs lists of usernames and passwords. He uses SecLists, a collection of real-world usernames, passwords, and payloads. After verifying that SecLists isn't installed, Kim installs it using sudo apt update and sudo apt install seclists. He explores the username and password lists, selecting "top-username-shortlist" and "RockYou05" for their manageable size, and manually adds "Sally" to the username list.
Running the Brute-Force Attack
Kim uses Hydra to launch the brute-force attack, using the command hydra -t 4 -V -l Sally -P /usr/share/seclists/Passwords/rockyou.txt rdp://<target_ip_address>. This command tells Hydra to run four login attempts in parallel, use verbose mode, and target the RDP service on Sally's machine. After a few attempts, Hydra finds a working login: username "Sally" and password "123456".
Successful Login & Remote Access
With the correct credentials, Kim uses XFreeRDP to remotely access Sally's machine. The command xfreerdp /u:Sally /p:123456 /v:<target_ip_address> establishes the connection, granting Kim full access to Sally's Windows desktop. He can browse files, install programs, and monitor her activity, demonstrating the severity of the security breach.
How to Protect Against These Attacks
The video concludes by providing best practices to protect against brute-force RDP attacks: disable RDP if not needed, use strong and complex passwords, enable account lockout policies, use multi-factor authentication, and monitor logs for suspicious login activity.
