Mini Project Ms Dahlia - Nazim, Hasif, Iwani, Syakir
Students' Names:
1. MUHAMMAD HASIF FIRDAUS BIN MOHD HALIMI
2. MUHAMMAD FAIZUN NAZIM BIN MD FAUZAN
3. MUHAMMAD SYAKIR IRFAN BIN SAIFUL AMRI
4. NUR IWANI BINTI RASHIDY
This cover sheet must be completed, signed and firmly attached to the front of the submission.
Student’s statement:
I certify that I have not plagiarized the work of others or participated in unauthorized collusion when preparing this assignment.
I also certify that I have taken proper care in safeguarding my work and have made all reasonable efforts to ensure that my work cannot be copied.
Signature: ………………………..
GERMAN MALAYSIAN INSTITUTE
Table of Contents
1. Find 1 tool to simulate an attack. 4
2. Find 1 IDS/IPS/Firewall/Honeypot tool (run in any OS / platform: Linux platform/windows/desktop/server) 6
3. You should simulate the attack and show how you use IDS to detect the attack 8
4. Requirement to use these tools (tool for attack/IDS) 12
5. Procedure of installation 13
○ THC-Hydra 13
○ Wazuh 15
6. Discuss the use of these tools 17
○ Wazuh 17
○ THC-Hydra 19
7. Discuss about advantage/disadvantage of these tools 20
8. Explain examples on how to use the tool, explain how it works. 21
9. Conclusion 33
10. References 34
1. Find 1 tool to simulate an attack.
Diagram 1: THC-Hydra
To test the security of login systems, Hydra employs a variety of attack strategies, including dictionary attacks, brute-force attacks, and hybrid attacks. This range of attack methods enables security professionals, ethical hackers, and system administrators to efficiently evaluate and improve the security of their systems. Notably, users can fine-tune attack settings by choosing character sets, password lengths, and other factors, allowing them to tailor the test to a specific scenario. This customizability is especially useful when dealing with different authentication systems and levels of security.
It is critical, however, to underline that Hydra should only be used properly and with the
correct authority. The unauthorized use of this instrument is not only illegal but also unethical.
Account lockouts and alarms can be triggered by unauthorized intrusion attempts, potentially
causing interruption and harm. As a result, it must be used within legal and ethical limitations,
and users must receive specific authority to conduct security testing on systems and accounts.
2. Find 1 IDS/IPS/Firewall/Honeypot tool (run in any OS / platform: Linux platform/windows/desktop/server)
Diagram 2: Wazuh
Wazuh is a complete open-source security monitoring and intrusion detection tool aimed at improving an enterprise's security posture. Its package of tools and components is designed to help protect against security risks by enabling real-time monitoring, threat detection, and incident response.
The Wazuh manager, which acts as the centralized component for gathering and evaluating security data, is at the heart of Wazuh. It is in charge of collecting information from many sources, such as system logs, network traffic, and other security events. The Wazuh manager processes this data and applies a set of established rules to identify potential security issues or anomalies.
Wazuh also makes use of Elasticsearch and Kibana, two strong open-source data storage,
analysis, and visualization technologies. Elasticsearch is used to store the acquired security data,
allowing for efficient querying and searching. Kibana, on the other hand, provides an easy-to-use
interface for visualizing security events, creating custom dashboards, and generating thorough
reports. This makes it easy for security analysts and administrators to acquire insight into the
security status of their firm.
The true power of Wazuh is its capacity to detect security issues and create alerts based on established criteria and custom configurations. It has a large number of built-in rules that administrators can customize to their specific needs. When Wazuh detects suspicious or malicious activity, it can send warnings, notifications, and even trigger automated responses to help contain security incidents as soon as possible.
3. You should simulate the attack and show how you use IDS to detect the attack
● SSH Hydra Brute Force:
3. Launching the attack: type the Hydra command, and the program will begin attempting logins to the SSH server using the lists of usernames and passwords that you supplied.
- To check whether Wazuh was able to detect the attack, go to the Wazuh web page and click "Security events" to see the information that has been collected about the brute-force attack.
- This shows the Security events dashboard for the events reported by the agent on Ubuntu.
- It shows the number of failed authentications, which is 40.
- Scrolling down, the user can see the details of the security events that occurred.
- The "authentication failed" and "user login failed" descriptions show that a brute-force attack took place.
- Click the arrow to see detailed information about each event.
- The image above shows that the targeted machine was attacked by password guessing through the SSH service.
4. Tools Requirement
5. Procedure of installation
○ THC-Hydra
1. This command installs Hydra directly from the repositories; it installs the command-line version of Hydra together with the front-end GUI on your Linux system:
sudo apt-get install hydra-gtk
2. If you used this command, or Hydra was preinstalled on your system, you can remove it using:
sudo apt-get purge hydra-gtk && sudo apt-get autoremove && sudo apt-get autoclean
3. Before doing anything else, we first need to bring the system up to date with the command:
sudo apt-get update && sudo apt-get upgrade && sudo apt-get dist-upgrade
5. Once that is done, clone the repository from GitHub with the command:
git clone https://github.com/vanhauser-thc/thc-hydra.git
○ Wazuh
1. To get the command for downloading Wazuh, go to the "Wazuh Installation" website. Open your Kali terminal and type the command given there:
3. Once the installation assistant has finished, the output displays the access credentials and a message confirming that the installation succeeded.
6. Discuss the use of these tools
○ Wazuh
Use Cases
Intrusion Detection: Wazuh agents detect malware, rootkits, and anomalies in monitored systems, using a signature-based approach and a regular expression engine for intrusion detection.
Vulnerability Detection: Wazuh agents use automated vulnerability assessment to collect software inventory data, compare it against CVE databases, and identify vulnerabilities, helping prevent business disruption or data theft.
Incident Response: Wazuh provides proactive measures to mitigate threats, including denying system access, remotely executing commands, discovering compromises, and aiding live forensics and incident response.
○ THC-Hydra
Use Cases
Password Testing: Hydra is frequently used to test the strength of passwords on user accounts, which helps discover weak or readily guessable passwords. This is especially critical for accounts with access to sensitive data or systems.
Penetration Testing: Hydra is used during penetration tests by ethical hackers and security professionals to detect weaknesses in authentication systems. By attempting to crack passwords, they can examine the effectiveness of password policies and recommend improvements.
Security Auditing: Organizations can use Hydra to perform security audits on their systems and services to ensure that suitable authentication mechanisms are in place and to discover any potential vulnerabilities.
Account Recovery: Hydra can be used for password recovery when legitimate users have forgotten their passwords, by systematically testing various password combinations.
8. Explain examples on how to use the tool, explain how it works.
- Then the page will redirect to the "Agents" page, where there is a "Deploy new agent" button. Click it to add a new agent.
- Next, choose the OS that you want to deploy the agent to.
- Then enter the Wazuh server address and the name the agent will use.
- After that, the system generates a command that is used to install the agent on the chosen OS. Copy the command.
- Run the copied command on the chosen OS, which in this case is Ubuntu.
- After Ubuntu has finished setting up the agent package, enable and start wazuh-agent.
- Type "systemctl status wazuh-agent" to see whether the agent is up.
- Check the Wazuh agents page to confirm that the new agent has been added.
- Use the command "ifconfig" to check the IP address of the targeted machine, which is Ubuntu.
- After verifying the IP address, go to the attacking machine to start the attack.
- Then use the Hydra tool to start the brute-force attack.
- The command is "hydra -l ubuntu -P Wordlists.txt ssh://192.168.132.138", where:
- hydra: the tool used
- -l ubuntu: the known username on the targeted machine, which is "ubuntu"
- To check whether Wazuh was able to detect the attack, go to the Wazuh web page and click "Security events" to see the information that has been collected about the brute-force attack.
- This shows the Security events dashboard for the events reported by the agent on Ubuntu.
- It shows the number of failed authentications, which is 40.
- Scrolling down, the user can see the details of the security events that occurred.
- The "authentication failed" and "user login failed" descriptions show that a brute-force attack took place.
- Click the arrow to see detailed information about each event.
- The image above shows that the targeted machine was attacked by password guessing through the SSH service.
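As an added example that is not part of the report or of Wazuh itself, the following Python script does offline what the manager does with the sshd lines the agent forwards in the section 3 and section 8 walkthroughs: it parses "Failed password" entries from a constructed auth.log sample, totals them per source (the figure the "authentication failed" panel shows as 40) and raises a brute-force alert when enough failures from one source fall inside a time window, in the style of a Wazuh frequency/timeframe rule. The attacking address 192.168.132.200, the log lines and the thresholds are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# sshd "Failed password" lines from /var/log/auth.log: the lines the agent forwards to the manager.
FAILED_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
                       r"(?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+) port \d+ ssh2$")

def build_sample_log():
    """Constructed sample (not a capture): 40 failures in 40 s from one host, plus two strays."""
    lines = [f"Oct 29 14:02:{i:02d} ubuntu sshd[{2300 + i}]: Failed password for "
             f"ubuntu from 192.168.132.200 port {50000 + i} ssh2" for i in range(40)]
    lines.append("Oct 29 14:05:00 ubuntu sshd[2400]: Failed password for invalid user "
                 "admin from 10.0.0.5 port 41000 ssh2")
    lines.append("Oct 29 14:05:30 ubuntu sshd[2401]: Failed password for ubuntu "
                 "from 10.0.0.5 port 41002 ssh2")
    return "\n".join(lines)

def parse_failures(log_text, year=2023):
    """Return (timestamp, username, source_ip) for every failed-login line."""
    events = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["user"], m["src"]))
    return events

def failures_by_source(events):
    """Per-source totals, the figure the 'Authentication failed' panel reports."""
    counts = defaultdict(int)
    for _ts, _user, src in events:
        counts[src] += 1
    return dict(counts)

def detect_bruteforce(events, frequency=8, timeframe=120):
    """Wazuh-style frequency/timeframe correlation: one alert each time `frequency`
    failures from one source land within `timeframe` seconds (thresholds assumed)."""
    windows, alerts = defaultdict(deque), defaultdict(int)
    for ts, _user, src in sorted(events):
        win = windows[src]
        win.append(ts)
        while (ts - win[0]).total_seconds() > timeframe:
            win.popleft()
        if len(win) >= frequency:
            alerts[src] += 1
            win.clear()  # fresh window so each burst of `frequency` yields one alert
    return dict(alerts)
```

The two stray failures from the second host never reach the threshold, so only the attacking host produces alerts; shrinking the timeframe below the gap between attempts suppresses the alert entirely, which is why both knobs matter when tuning a rule.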
○ Generate report
- Scroll up and click "Generate report" to create a report of the security events.
- The image shows the reporting page where the generated report is listed.
- Click "Download" to download and view the report.
9. Conclusion
Cybersecurity relies on the interaction between attacker tools and prevention tools.
THC-Hydra is a powerful tool used by security professionals and ethical hackers to test network
services and applications' authentication mechanisms. It supports various attack methods and can
identify weak passwords, facilitating proactive security measures. However, its use requires strict
adherence to ethical and legal guidelines, as misuse can lead to unauthorized access and account
lockouts.
Both Wazuh and THC-Hydra play separate yet critical roles in cybersecurity. Wazuh, an
open-source security monitoring tool, enables enterprises to be proactive in the face of threats. It
provides real-time data gathering and analysis, utilizing established rules and custom
configurations to effectively detect and respond to security problems. THC-Hydra, a powerful
password-cracking tool, on the other hand, assists security experts in testing the robustness of
authentication schemes by conducting brute-force and dictionary attacks against a diverse set of
network protocols and services.