Crowbar is a tool that is specifically developed to perform brute force attacks during pentesting tests. This tool applies brute force attacks differently than other tools that already exist. Today there is a large number of tools to attack the user / password of an OpenSSH server, however, we did not have any that were able to test the SSH keys, public key cryptography.
According to a cyber security expert from the International Institute of Cyber Security, Crowbar allows to attack by brute force different services, such as SSH, using public key cryptography. This will allow using the private key captured previously in the pentesting, to try to attack other services in another server.
It also allows attacking OpenVPN servers to test user / password combinations, as well as certificates, which we can define before starting the attack. Other services available to attack are the RDP, Remote Desktop Protocol, and also the VNC service, both will allow remote access to the attacked machine.
The tool is compatible with Linux-based operating systems, such as Debian, Ubuntu, and of course Kali Linux.
Installing Crowbar on Linux
The first thing that must be done before downloading Crowbar, is to install the necessary dependencies, in this case to support OpenVPN, VNC and RDP, the corresponding packages to these services must be installed. The data security professional said that openssh-client was not installed because the majority of distributions incorporate it by default.
To start the installation of these packages, depending on the distribution you must execute one order or another, since it is possible that a distribution does not use the apt package manager. In case you use it, you should put:
sudo apt install openvpn freerdp-x11 vncviewer
Once the necessary programs are installed, the GitHub repository where Crowbar is located is cloned, if the “git” tool is not installed on the computer:
sudo apt install git
Once installed, the repository is cloned:
git clone <a class=”vglnk” href=”https://github.com/galkan/crowbar” rel=”nofollow”> <span> https </ span> <span>: // </ span> <span > github </ span> <span>. </ span> <span> com </ span> <span> / </ span> <span> galkan </ span> <span> / </ span> <span> crowbar </ span> </a>
Already cloned, it must be accessed with the “cd” command and proceed to execute the “crowbar.py” file. This program is written in Python, so it should also be installed. If you are using Kali Linux, it is installed by default.
What options do we have in Crowbar?
To execute Crowbar, place in the same directory where the crowbar.py file is and pass different arguments to perform different actions. The cyber security expert comment that this program allows the “-b” flag to define the attacks to the different services:
./crowbar.py -b [openvpn | rdp | sshkey | vnckey] [arguments]
For example, to attack the RDP service at the IP address 10.10.10.10/32 and try for the user “admin” several keys stored in a text file, write the following command:
./crowbar.py -b rdp -s 10.10.10.10/32 -u admin -C / root / Desktop / passlist
There is also the possibility to test the same key for different users, and to try all combinations of a list of users and a list of passwords.
If you want to test all the private keys of a certain folder, indicate:
./crowbar.py -b sshkey -s 10.10.10.10/32 -u admin -k /root/.ssh/
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.