Password cracking: SSH

 

In this article, we will learn how to gain control of a victim's PC through the SSH service by cracking its login password. The password can be cracked in many ways, and it is worth taking the time to learn all of them, because different situations require different measures.

Included content:

  • Hydra
  • Medusa
  • X-Hydra
  • Metasploit
  • Patator
  • Ncrack

Let's start password cracking!

Hydra

Hydra is a parallelized login cracker that supports many protocols. It is very fast and flexible, and new modules are easy to add. This tool allows researchers and security consultants to show how easy it is to gain unauthorized remote access to a system. We use it to crack the login as follows.

hydra -L user.txt -P password.txt 192.168.0.8 ssh

The [-L] parameter provides a list of usernames, and the [-P] parameter provides a list of passwords. Once the command is executed, it starts the dictionary attack and reports the correct username and password. A few minutes later, Hydra has cracked the credentials: we can see that we have successfully obtained the username "shubh" and password "123".

 

Medusa

Medusa is a fast, parallel and modular brute-force login tool. Its goal is to support as many services that allow authentication as possible. The key features of this tool are thread-based testing, flexible user input, modular design, and support for multiple protocols. Run the following command to crack the login.

medusa -h 192.168.0.8 -U user.txt -P password.txt -M ssh

Here, [-h] specifies the victim's IP address, [-U] is the path of the username list, [-P] is the path of the password list, and [-M] selects the module to use for the attack (here ssh). The dictionary attack now begins, and we obtain the username and password of the victim.

 

X-Hydra

X-Hydra is the GUI version of Hydra. It can be used for offline and online password cracking. It has all the functions and advantages of Hydra in GUI form. Let's start the attack by opening the tool. Once it is open, the "Target" tab asks us for information about the target, the service port number, the protocol service name, and any other specific output options we want to use in the attack.

 

After completing the details in the "Target" tab, we need to switch to the "Password" tab, where we fill in or browse to the lists of usernames and passwords for the brute-force attack. There are some other options in the tab, such as "Try login as password", "Try empty password" and "Try reversed login".

 

After completing the details required for the attack, we need to switch to the "Start" tab to launch the attack on the victim's server.

 

As we can see, we cracked the credentials through an attack.

 

Metasploit

Metasploit is a collaboration between the open source community and Rapid7. It can not only verify vulnerabilities, manage security assessments and increase security awareness, but also help security teams do more.

The ssh_login auxiliary module tests SSH logins on a range of machines and reports successful logins. If we have loaded a database plugin and connected to a database, the module records the successful logins and the hosts we can access.

First, open a Kali terminal and type "msfconsole". Then enter the commands below.

use auxiliary/scanner/ssh/ssh_login

set rhosts 192.168.0.8

set user_file user.txt

set pass_file password.txt

run

From the given screenshot, we can observe that we have successfully obtained the SSH password and username. As an additional benefit, Metasploit also provides a remote command shell on the system, so that we can gain unauthorized access to the victim's system.

 

Patator

Patator is a multi-purpose brute-forcer with a modular design and flexible usage. Patator was written out of frustration with using Hydra, Medusa, Ncrack, Metasploit modules and Nmap NSE scripts for password guessing attacks. I chose a different approach, so as not to create yet another brute-forcing tool and to avoid repeating the same shortcomings. Patator is a multi-threaded tool written in Python; it is more reliable and flexible than its peers.

It is very useful for brute-force attacks on multiple services (such as FTP, HTTP, SMB, etc.).

patator ssh_login host=192.168.0.8 user=FILE0 0=user.txt password=FILE1 1=password.txt

 

From the screenshot given below, we can observe that the process of the dictionary attack has started, so you will get the username and password of the victim.

 

Ncrack

Ncrack is a network authentication cracking tool that helps the tester find out how vulnerable the credentials protecting network access are. The tool is part of the Kali Linux arsenal and comes pre-installed. It can also attack multiple targets at once, which is rare among these tools. Run the following command to attack port 22 with Ncrack.

ncrack -U user.txt -P password.txt 192.168.0.8:22

 

[-U] specifies a list of usernames, [-P] specifies a list of passwords, and [-p] specifies the victim's service port number (in the command above the port is given as :22 after the host instead). We can see that we have successfully cracked the SSH credentials.
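
Seen from the server side, every tool above leaves the same trace in the OpenSSH authentication log: a burst of failed password logins from one address, cycling through the username list. The following is an added example, not part of the original article, that flags such sources and reports any account that logged in successfully after the failures; the log lines are constructed, and the function name and thresholds are assumptions.

```python
import re
from collections import defaultdict

# OpenSSH password-auth messages as written to auth.log / secure.
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")

# Constructed sample log (addresses are documentation ranges).
SAMPLE_LOG = """\
Dec 12 10:01:01 srv sshd[2101]: Failed password for root from 203.0.113.7 port 40110 ssh2
Dec 12 10:01:01 srv sshd[2102]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Dec 12 10:01:02 srv sshd[2103]: Failed password for invalid user test from 203.0.113.7 port 40114 ssh2
Dec 12 10:01:02 srv sshd[2104]: Failed password for shubh from 203.0.113.7 port 40116 ssh2
Dec 12 10:01:03 srv sshd[2105]: Failed password for shubh from 203.0.113.7 port 40118 ssh2
Dec 12 10:01:03 srv sshd[2106]: Accepted password for shubh from 203.0.113.7 port 40120 ssh2
Dec 12 10:05:40 srv sshd[2140]: Failed password for alice from 198.51.100.20 port 51522 ssh2
Dec 12 10:05:52 srv sshd[2141]: Accepted password for alice from 198.51.100.20 port 51522 ssh2
""".splitlines()

def find_bruteforce(lines, min_failures=5, min_users=2):
    """Return {ip: report} for sources that look like a dictionary attack.

    A source is flagged when it has at least min_failures failed logins
    spread over at least min_users usernames (illustrative thresholds).
    "guessed" lists accounts that logged in from that address after failures.
    """
    failures = defaultdict(int)
    users = defaultdict(set)
    guessed = defaultdict(list)
    for line in lines:
        m = AUTH_RE.search(line)
        if not m:
            continue
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failures[ip] += 1
            users[ip].add(user)
        elif failures.get(ip):      # success that follows earlier failures
            guessed[ip].append(user)
    return {
        ip: {"failures": n, "users": sorted(users[ip]), "guessed": guessed[ip]}
        for ip, n in failures.items()
        if n >= min_failures and len(users[ip]) >= min_users
    }

if __name__ == "__main__":
    for ip, report in find_bruteforce(SAMPLE_LOG).items():
        print(ip, report)
```

A source flagged with a non-empty "guessed" list means the account's password should be treated as compromised. Disabling password authentication in favour of keys removes what these tools depend on.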

Author:   Shubham Sharma is a Pentester, network security researcher. Intrusion

 


Origin blog.csdn.net/w1304099880/article/details/111089023