Brute Forcing SSH With xHydra



This tutorial is dedicated to anyone and everyone who understands that hacking and learning is a way to live your life, not just a day job or list of instructions...

Introduction:

Today I am going to show you how to perform a brute force attack against an SSH server. Even though the attack is being performed against an SSH server, performing a brute force attack against other services (e.g. VNC) follows the same basic concept. In this tutorial I will be using Hydra GTK on Kali Linux. You can launch Hydra GTK from the graphical interface in Kali or from the command line using the xhydra command. By the end of this tutorial you should have an understanding of how to perform a brute force attack against an SSH server.

Performing the Attack:

--> Change Protocol from afp to ssh
--> Change port to 22 (or whatever port SSH is running on; by default it is 22)
--> Under single target put the IP address of the target you are attacking (or you could use a list of IP addresses)
--> Now click on the Passwords tab and under username put root (or you could use a list of usernames)
--> In this attack we are going to be using the rockyou.txt wordlist which in Kali is located in /usr/share/wordlists/rockyou.txt.gz (make sure you extract the wordlist before using it)
--> Under the passwords tab tick Try login as password
--> Under the passwords tab tick Try empty password
--> Now go ahead and click the Start button which is in the Start tab
--> Hydra will keep attempting to log in to the SSH server until the password for root is found or until it has reached the end of the wordlist.

Success!

In this case we were able to find the root password which was cheese. This is what the output of xHydra looks like.

Code:
[22][ssh] host: 192.168.131.157 login:root password:chesse

Covering Your Tracks

Now that we have root access to our box, we need to cover our tracks. If you look at the file /var/log/auth.log, there are a number of failed login attempts. We need to delete the evidence, so remove the file with the following command.

Code:
# rm /var/log/auth.log

Or you could open the file in an editor and remove the failed login entries.
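
Seen from the defender's side, the failed login entries in /var/log/auth.log mentioned above are exactly what exposes this kind of attack. The following is an added example, not part of the original tutorial: it flags a source address with a burst of failed SSH passwords and a successful login that follows such a burst. The log lines, host name, source addresses, threshold and window are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in sshd's auth.log format; host name and addresses are made up.
SAMPLE_LOG = """\
Mar  3 10:15:01 box sshd[2101]: Failed password for root from 192.168.131.50 port 51000 ssh2
Mar  3 10:15:02 box sshd[2103]: Failed password for root from 192.168.131.50 port 51002 ssh2
Mar  3 10:15:03 box sshd[2105]: Failed password for root from 192.168.131.50 port 51004 ssh2
Mar  3 10:15:04 box sshd[2107]: Failed password for invalid user admin from 192.168.131.50 port 51006 ssh2
Mar  3 10:15:05 box sshd[2109]: Failed password for root from 192.168.131.50 port 51008 ssh2
Mar  3 10:15:06 box sshd[2111]: Accepted password for root from 192.168.131.50 port 51010 ssh2
Mar  3 11:00:00 box sshd[2200]: Failed password for alice from 192.168.131.9 port 40000 ssh2
Mar  3 11:00:20 box sshd[2202]: Accepted password for alice from 192.168.131.9 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def detect_bruteforce(log_text, threshold=5, window_s=60, year=2024):
    """Alert on >= threshold failures per source within window_s, and on a login after one."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)          # source IP -> timestamps of recent failures
    flagged, alerts = set(), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                     # not an sshd password event
        # syslog timestamps carry no year, so one is assumed for parsing
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        fails = recent[m["ip"]]
        while fails and ts - fails[0] > window:
            fails.popleft()              # drop failures that fell out of the window
        if m["result"] == "Failed":
            fails.append(ts)
            if len(fails) >= threshold and m["ip"] not in flagged:
                flagged.add(m["ip"])
                alerts.append(("bruteforce", m["ip"], m["user"], len(fails)))
        elif len(fails) >= threshold:
            # a login that succeeds right after a burst of failures: likely guessed password
            alerts.append(("success_after_bruteforce", m["ip"], m["user"], len(fails)))
    return alerts

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

Because anyone with root can delete or edit the local file, as this section shows, the same check is more dependable when run over logs that are also forwarded to a separate host.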

For informative purposes only!

Enjoy!