The SSH protocol is a network protocol used to establish an encrypted channel across an open network between a server and a client. In general, a public/private key pair allows users to log in to a system without requiring a password. The public key is present on all systems that require a secure connection. Authentication is based on the private key, and SSH verifies the private key against the public key. On the target systems, the public key is verified against a list of authorized keys that are permitted to remotely access the system. This is supposed to secure the communication between the client and the server.

SSH is vulnerable to a Brute-Force Attack that guesses the user’s access credentials. For this example, we will use a tool called Hydra. It also supports attacks against the greatest number of target protocols. Let’s start cracking. There are two versions of Hydra: the command-line version and the GUI version, which is called Hydra-GTK. For this example, we will invoke Hydra from the command line.
hydra -s 22 -v -V -l root -P /usr/share/wordlists/rockyou.txt -t 8 192.168.0.115 ssh
So open your console application. You start with the executable name, hydra, followed by the -s argument, which designates the port to be used. It does not need to be entered when the default port is intended to be used. But let’s be honest, adding it removes any ambiguity and also speeds up testing.
- The -v and -V options (lower-case and upper-case) are for maximum verbosity.
- The -l option selects the login name.
- The -P option selects a password file path.
- The -t argument selects the number of parallel tasks or connections. The greater the number, the faster the test will occur. It is followed by the IP address of the Metasploitable victim.
- And finally, the protocol name is SSH.
- Finally, press Enter. Check this out. Password cracked successfully.
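On the target, a run like this shows up in the sshd log as a burst of failed root logins from a single address. The following added example (not part of the original article) counts failures per source in a sliding window and marks a source as compromised when a success follows the burst; the log lines, the addresses 192.168.0.50 and 192.168.0.20, the user alice, the threshold and the year are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sshd log sample (OpenSSH message format); not captured from a real host.
SAMPLE_LOG = """\
Mar 13 10:14:40 target sshd[2090]: Failed password for alice from 192.168.0.20 port 51000 ssh2
Mar 13 10:14:48 target sshd[2090]: Accepted password for alice from 192.168.0.20 port 51000 ssh2
Mar 13 10:15:01 target sshd[2101]: Failed password for root from 192.168.0.50 port 40101 ssh2
Mar 13 10:15:01 target sshd[2102]: Failed password for root from 192.168.0.50 port 40102 ssh2
Mar 13 10:15:01 target sshd[2103]: Failed password for root from 192.168.0.50 port 40103 ssh2
Mar 13 10:15:02 target sshd[2104]: Failed password for root from 192.168.0.50 port 40104 ssh2
Mar 13 10:15:02 target sshd[2105]: Failed password for root from 192.168.0.50 port 40105 ssh2
Mar 13 10:15:03 target sshd[2106]: Failed password for root from 192.168.0.50 port 40106 ssh2
Mar 13 10:15:04 target sshd[2107]: Accepted password for root from 192.168.0.50 port 40107 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+")

def detect_bruteforce(log_text, threshold=5, window_s=60, year=2024):
    """Return {ip: alert} for sources with >= threshold failures within window_s seconds.

    Syslog timestamps carry no year, so `year` is supplied by the caller (assumption).
    """
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if m["result"] == "Failed":
            q = recent[ip]
            q.append(when)
            while (when - q[0]).total_seconds() > window_s:
                q.popleft()  # drop failures that fell out of the window
            if len(q) >= threshold and ip not in alerts:
                alerts[ip] = {"first_alert": when, "user": m["user"], "compromised": False}
        elif ip in alerts:
            # A successful login after a flagged burst means a guess landed.
            alerts[ip].update(compromised=True, user=m["user"])
    return alerts

if __name__ == "__main__":
    for ip, a in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, a["user"], a["first_alert"].isoformat(), "compromised:", a["compromised"])
```

The single mistyped password from 192.168.0.20 stays below the threshold, so only the burst source is reported.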
I hope it has been a useful article.