6 Ways to Hack SSH Login Password

In this article, we will learn how to gain control over our victim’s PC through SSH Port. There are various ways to do it and let take time and learn all those because different circumstances call for a different measure.

Table of Content

  • Hydra
  • X-Hydra
  • Medusa
  • Ncrack
  • Patator
  • Metasploit

Let’s Begin!

Hydra

Hydra is often the tool of choice. It can perform rapid dictionary attacks against more than 50 protocols, including telnet, ftp, http, https, smb, several databases, and much more

Now, we need to choose a word list. As with any dictionary attack, the wordlist is key. Kali has numerous wordlists built right in.

Run the following command

  •  -L for a username list
  • -P for the password list

Once the commands are executed it will start applying the dictionary attack and so you will have the right username and password in no time. After a few minutes, Hydra cracks the credential, as you can observe that we had successfully grabbed the SSH username as pavan and password is toor.

xHydra

This is the graphical version to apply dictionary attack via SSH port to hack a system. For this method to work:

Open xHydra in your Kali. And select Single Target option and there give the IP of your victim PC. And select ssh in the box against Protocol option and give the port number 22 against the port option.

Now, go to Passwords tab and select Username List and give the path of your text file, which contains usernames, in the box adjacent to it.

Then select Password List and give the path of your text file, which contains all the passwords, in the box adjacent to it.

After doing this, go to the Start tab and click on the Start button on the left.

Now, the process of dictionary attack will start. Thus, you will attain the username and password of your victim.

Medusa

Medusa is a speedy, parallel, and modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible

 Run the following command

Now, the process of dictionary attack will start. Thus, you will attain the username and password of your victim.

Ncrack

Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. 

Run the following command

Patator

 Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage. It is quite useful for making brute force attack on several ports such as FTP, HTTP, SMB and etc.

From given below image you can observe that the process of dictionary attack starts and thus, you will attain the username and password of your victim.

Metasploit

This module will test ssh logins on a range of machines and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access.

Open Kali terminal type msfconsole Now type

From given below image you can observe that we had successfully grabbed the SSH password and username, moreover Metasploit serves an additional benefit by providing remote system command shell for unauthorized access into victim’s system.

Author: Aarti Singh is a Researcher and Technical Writer at Hacking Articles an Information Security Consultant Social Media Lover and Gadgets. Contact here

1 Comment 6 Ways to Hack SSH Login Password

  1. Alex Greener

    Good article overall, but these are all dictionary attacks. A “Brute force” attack is an attack that tries ALL possible passwords, eventually cracking it. You can’t call a “dictionary attack” a “brute force attack”. Also, EVERY single way to crack ssh is a dictionary attack. You should have at least shown how to conduct a “brute force” attack. Forgetting my constructive criticism, good article overall.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *