Tutorials

Bruteforce SSH using Hydra, Ncrack and Medusa – Kali Linux 2017

In previous article, we got to know that how to install and configure OpenSSH Server in Kali Linux. Now today we’ll see how to crack the password of SSH remotely. Generally SSH uses RSA encryption algorithm which create an unbreakable tunnel between the client computer and to the remote computer and as we all know that nothing is unbreakable.

Brute force attacks work by testing every possible combination that could be used as the password by the user and then testing it to see if it is the correct password. To see if the password is correct or not it check for any errors in the response from the server.

The tools which we’ll use to bruteforce SSH are:

  1. HYDRA
  2. NCRACK
  3. MEDUSA

Now to bruteforce any thing, you really need a good dictionary list that you can easily find it through Packet storm security database.

1) Bruteforce using Hydra –

To install hydra in your Kali Linux machine, type the below command:

Command: apt-get install hydra hydra-gtk

Hydra tool is totally based on Debian Linux and to run hydra in your local machine, type

Command: hydra -l root -P ‘<Dictionary File>’ <Remote IP> SSH

2) Bruteforce using Ncrack –

Ncrack is little bit harder than Hydra but is more powerful amongst all other tools. To download Ncrack, the command is:

Command: wget https://nmap.org/ncrack/dist/ncrack-0.5.tar.gz

Now Extract the Ncrack package with the help of Tar command:

Command: tar -xvzf ncrack-0.5.tar.gz

Now we need to configure and compile this ncrack by typing these commands “./configure“, “make” and “make install“.

To use Ncrack, type below command in your terminal:

Command: ncrack -p 22 –user root -P ‘<Dictionary File>’ <Remote IP>

3) Bruteforce using Medusa –

Medusa is another popular bruteforcing tool through which you can easily crack the SSH password of any remote machine. To download Medusa in your Kali Linux machine, type below command:

Command: wget http://www.foofus.net/jmk/tools/medusa-2.0.tar.gz

Now to extract the downloaded medusa package, type:

Command: tar -xvzf medusa-2.0.tar.gz

Now after extracting, next step is to configure the tool by typing these commands: “./configure”, “make” and “make install”.

To run Medusa, type the following command in your terminal:

Command: medusa -u root -P ‘<Dictionary File>’ -h <Remote IP> -M ssh

Have something to say about this article? Comment below or share it with us on Facebook or Twitter.

H4ck0
Step by step hacking tutorials about wireless cracking, kali linux, metasploit, ethical hacking, seo tips and tricks, malware analysis and scanning.
https://www.yeahhub.com/

WHERE SHOULD WE SEND

HACKING TUTORIALS & INFOSEC NEWS?

Subscribe to Our Newsletter and Get Instant Delivered to Your Email Inbox.

We respect your privacy and take protecting it seriously.

Leave a Reply

Your email address will not be published. Required fields are marked *

11 − four =