Paper ID-311201535

Uploaded by

Vilma Agripo
International Journal of Research in Advent Technology, Vol.3, No.12, December 2015


E-ISSN: 2321-9637
Available online at www.ijrat.org

Hacking Target Machine Using Social Engineering and SSH

Nirav Shah1, Vinit Patel2
B.E Computer Engineering1,2
Rajiv Gandhi Institute of Technology1,2
nrvshah10@gmail.com1, patelvinit128@gmail.com2
Mumbai, India.

Abstract - Hacking is the word that shakes everyone whenever it is said or heard by someone, at any time, anywhere. Everyone born in this world with attitude wants to be a hacker at some point of time. A hacker needs a brilliant mind to hack anything. His skills should be so powerful that he cannot get caught and at the same time his need gets satisfied; the need can be anything, such as money or getting valuable information of an organization. Nowadays hacking has become one of the common practices of computer experts in order to try and find vulnerabilities in a network infrastructure. In this paper we have shown how to hack into a server or target machine with simple steps using the SSH protocol.

Keywords: Hacking, Vulnerabilities, SSH Protocol, nmap, hydra tool

1. INTRODUCTION
What comes to mind when you hear the word 'hacker'? For most it means stealing information through the Internet, gaining illegal access to another person's PC, or simply disruptive behaviour using a computer.

The state of security on the Internet is bad and becoming worse. The subject of hacking is no secret to the general public. Many people have been exposed to it by a bad experience or through the news and media. The idea of hacking that is stuck in the minds of people is the one they have seen in the movies. The movies portray hackers as young and devious criminals. However, in reality these individuals are talented people who use their abilities to find new and challenging ways to change how computers work. A hacker is one who accesses a computer which he is not supposed to access, and who may belong to the non-authorised people of the community. Different ethical views on computer hacking held by different people can help us to understand the computer hacking process [1].

Now let's define hacking in simple language: hacking is a process which allows you to enter into a system which he/she is not allowed to enter, and not get caught. There are three different types of hacking, i.e. White Hat Hacking, Grey Hat Hacking and Black Hat Hacking [2]. White Hat Hacking is the practice by which hackers dominate the world with their criminal skills. It is used for profit-making purposes. Similarly, another type of hacking is Grey Hat Hacking, in which he or she is submerged in the world of hacking for non-profitable purposes and also wants to prove that they can dominate the world with their criminal skills. For example, if he or she intends to enter into other computers and is able to extract important data without causing harm to the victim, he or she can be termed a Grey Hat Hacker. Grey Hat Hackers can also be known as ethical hackers, in that they can be both helpful and harmful, as it is the combination of both White and Black Hat Hacking. In addition to that, if Grey Hat Hackers cross their boundaries then there is no chance to become Black Hat Hackers. Similarly, the last and most highly demanded type of hacking, known as Black Hat Hacking, is described in this paper. It is also known as cracker or dark side hacker. In this type of hacking he or she is fully involved in profit-making activities by destroying organization networks, stealing others' valuable data and documents, hacking bank accounts and transferring money to their own, and so on.

Don't take the advice of people who give simple steps, as if you are not careful enough you can get caught; to do it in the perfect way you need to master the art, know the risks and learn to avoid them.

If the hacker is experienced and smart, the hacker will use telnet to access a shell on another machine so that the risk of getting caught is lower than doing it using their own system. We have also used SSH for hacking purposes. SSH [3] is a protocol for authenticating and encrypting remote shell sessions. But using SSH for just remote shell sessions ignores 90% of what it can do. It is one of the protocols, like ftp, which can be used to connect two machines. It is a long process, but there is a shortcut you can use, termed social engineering, which can help you to hack a system very early.


Social engineering is a non-technical procedure of intrusion hackers use that is based on human interaction and often involves tricking people into breaking normal security procedures. It is one of the greatest threats that organizations today encounter. For example, an employer can break security for personal reasons. Social engineering [4] can also be thought of as the art of manipulating people so they give up confidential information; it is also the art of guessing things which can be very common but are confidential. For example, people keep their name as username and 123456 as password. These details are confidential, but by observing and guessing the details we can damage or do bad things.

2. WORKING
OK, now I am going to give you the exact steps. Hacking is not easy, but it can be done with sufficient knowledge and understanding. We will provide snapshots so you can understand the steps in an easy way.
Before you start you need to have patience and time to learn the art and properly do it.

The steps which we will tell you are only applicable to CentOS (Linux) running on the target or victim's machine. The operating system we are using is Kali Linux. It is basically a penetration tool used for hacking purposes only.

Steps:

1. The victim, i.e. the target computer, should be in the same network or LAN.
2. Identify the victim's IP address.
3. In order to do that, scan the IP address of the victim PC using the Nmap tool. Nmap is short for Network Mapper. It is an open source security tool for network exploration, security scanning and auditing. However, the nmap command comes with lots of options that can make the utility more robust and difficult to follow for new users [5].
4. The command to do that is nmap -A victim's_ip_address
5. This will return the services, open ports and protocols running on the victim's PC, as you can see in the snapshot example of it with IP as . Now you can see which services are running on the target machine; there can be many, like vsftpd, httpd and ssh, but we are going to use ssh. So look at the details of the ssh service properly when you use the nmap command.

Fig 2.1: nmap command result

Now, as we have earlier specified, we will use ssh to enter into the target system (hack the system).

6. Now we will use the Hydra tool for cracking the password in order to get access to the target system. Hydra is a parallelized login cracker which supports numerous protocols to attack. It is very fast and flexible, and new modules are easy to add. This tool makes it possible for researchers and security consultants to show how easy it would be to gain unauthorized access to a system remotely.
So now this step makes use of social engineering and your smartness to guess the common user names and passwords. It is kind of easy, as it is guessing the user name of a particular system. For example, most systems have an account with the user name of whoever owns that system, and if we are in any organization, the organization name can be a user of the system in most cases. Similarly, people keep simple passwords like 123456 in most organizations, so you have to be smart to guess the passwords and user names which can exist. The rest will be done by the Hydra tool itself. You can find more important information about Hydra here [6, 7].

7. In the Hydra tool we need to have two files.
i. Users.txt = this will contain the list of all possible users that can be the users of that target system.
ii. Pass.txt = this will contain all the passwords you think can be the password of any user present in the users.txt file.

8. We note that we actually don't know the correct user with its respective password. The Hydra tool will do the brute force approach on the users.txt file and pass.txt file and give the output, highlighting the matching username and its respective password.
9. Now you will enter into the victim's PC by using the following command, as now you already know the username and password. A snapshot is given to show an example.
ssh username@victim's ip
In my example gautam is the username. You can use various commands like ls, cd to explore the victim PC. Note: you don't have root access; you can only read and not execute files which require root privilege. Also, #gautam indicates that we moved from rocketmail user to victim's machine and we are asking for permission to connect.

Fig 2.2 Command SSH and Files and Directories of victim's machine.

10. Now it will ask you to enter the password. Enter the password which you already got from the Hydra tool.

11. Now you are in the victim's machine with normal user privileges. The $ mode indicates that you are not a root user. You need to have # mode with log in to have root privileges.
12. So somehow by the end of the procedure you should get # mode with your selected user name.
13. To have root access, go to the password file [8], which you can only read but cannot modify as you are not the root user.
14. To go to the password file use the following command.
vi /etc/passwd
15. Now you can read the list of all users with various fields like UID, GID, and Shell.

Fig 2.3 Users List (passwd file)

16. Now we need to make the UID and GID of the user as whom we have logged in 0 (zero), so that the system will give this normal user root privileges. We are making user gautam a root user as an example.

17. In order to do this use the following steps:
i. Press i or Insert to edit the passwd file.
ii. Insert 0 at UID and also GID in the row of the user you want to give root privileges. As you are a normal user you cannot modify the passwd file, as it will throw an error saying “read only file”.
iii. Now in order to save the changes to the modified passwd file use the following steps.
iv. Press ESC, then press Shift and colon (:). This is used to come into command mode. Now type “w !sudo tee passwd”.
A snapshot is shown for better understanding of the command given in the earlier sub-step. As we can see in the highlighted part, UID and GID are made 0 and the command is written to save the changes and get the root privilege now and do anything we want.


Fig 2.4 Command for Root Access

18. Now you have given the current user ROOT privileges so that you can do any modification in the target system, including deleting or changing files, etc.
Enjoy…!!

3. ADVANTAGES

1. To gain information about the victim.
2. Modify the resources of the victim's machine.
3. Confidential data can be leaked and used by the attacker to do damage.
4. The attacker can also make the system unavailable for the victim, which in turn harms the victim as he/she cannot access their own machine.
5. The attacker can launch a virus or any attack once it gets root access.

4. CONCLUSION
Linux systems face a unique threat of compromise from brute force attacks against SSH servers that may be running without the knowledge of system owners/operators. Many Linux distributions install the SSH service by default, some without the benefit of an effective firewall. Thus, otherwise conscientious system administrators who keep their systems fully patched may fall prey to a system compromise caused by a carelessly chosen password. As our study results show, not all vulnerable passwords can be considered weak, based on commonly-held beliefs of password strength. Attackers are using and sharing attack dictionaries of username/password pairs that incorporate a significant percentage of apparently strong passwords. Using a password checking tool, especially one that restricts systematic approaches to password selection, can provide an extra measure of protection against malicious login traffic, especially when combined with other protective measures designed to reduce the visibility of Internet facing servers.

REFERENCES
[1] http://www.directessays.com/viewpaper/94312.html
[2] http://drmzz.blogspot.in/2013/07/abstract-of-typesof-hacking-that-may.html
[3] http://matt.might.net/articles/ssh-hacks/
[4] http://www.webroot.com/in/en/home/resources/tips/online-shopping-banking/secure-what-is-social-engineering
[5] http://www.cyberciti.biz/networking/nmap-command-examples-tutorials/
[6] http://www.concise-courses.com/security/what-is-hydra/
[7] http://null-byte.wonderhowto.com/how-to/hack-like-pro-crack-online-passwords-with-tamper-data-thc-hydra-0155374/
[8] http://www.cyberciti.biz/faq/understanding-etcpasswd-file-format
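The password guessing in steps 6 to 10 and the UID change in steps 16 and 17 both leave traces that an administrator can check for. The following is an added example, not code from the paper: it scans sshd authentication log lines for a source that fails many passwords and is then accepted, and lists passwd entries other than root that carry UID 0. The log lines follow OpenSSH's usual syslog wording; the sample log, the sample passwd content, the function names and the threshold of 3 are constructed for illustration, and no time window is applied.

```python
import re
from collections import defaultdict

# Constructed sample data (not from the paper): sshd auth log lines and a passwd file.
SAMPLE_LOG = """\
Dec  1 10:00:01 host sshd[101]: Failed password for invalid user admin from 192.0.2.10 port 4001 ssh2
Dec  1 10:00:02 host sshd[102]: Failed password for root from 192.0.2.10 port 4002 ssh2
Dec  1 10:00:03 host sshd[103]: Failed password for alice from 192.0.2.10 port 4003 ssh2
Dec  1 10:00:04 host sshd[104]: Failed password for alice from 192.0.2.10 port 4004 ssh2
Dec  1 10:00:05 host sshd[105]: Accepted password for alice from 192.0.2.10 port 4005 ssh2
Dec  1 10:05:00 host sshd[106]: Failed password for bob from 198.51.100.7 port 5001 ssh2
Dec  1 10:05:09 host sshd[107]: Accepted password for bob from 198.51.100.7 port 5002 ssh2
"""
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
sync:x:5:0:sync:/sbin:/bin/sync
alice:x:0:0::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
"""

AUTH_RE = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port \d+")

def guessing_sources(log_text, threshold=3):
    """Return {source_ip: report} for sources with >= threshold failed passwords."""
    failed = defaultdict(list)      # ip -> usernames tried, in log order
    accepted = defaultdict(set)     # ip -> users accepted after the threshold was reached
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if not m:
            continue
        outcome, user, ip = m.groups()
        if outcome == "Failed":
            failed[ip].append(user)
        elif len(failed[ip]) >= threshold:
            accepted[ip].add(user)  # a login that follows a guessing run: likely guessed
    return {ip: {"failures": len(users), "users_tried": sorted(set(users)),
                 "accepted_after": sorted(accepted[ip])}
            for ip, users in failed.items() if len(users) >= threshold}

def extra_root_accounts(passwd_text):
    """Return account names other than root whose UID field is 0.

    GID 0 alone is not flagged: stock system accounts such as sync have it."""
    flagged = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[0] != "root" and fields[2] == "0":
            flagged.append(fields[0])
    return flagged
```

On the constructed data, the single failure before bob's login stays below the threshold and is not reported, while the run from 192.0.2.10 is reported together with the account it ended on.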
