Password Cracking

Password Cracking:SSH

In this article, we will learn how to gain control over the victim’s PC through SSH Port. There are multiple ways through which we can crack the password of the SSH port. Let’s take some time to learn all those because sometimes different circumstances call for a different measure.

Table of Content

  • Hydra
  • Medusa
  • X-Hydra
  • Metasploit
  • Patator
  • Ncrack

Let’s Begin The Password Cracking!


Hydra is a parallelized login cracker which supports numerous protocols to attack. It is a very fast, flexible, and new modules are easy to add in the attacks. This tool makes it possible for the researcher and security consultants to show how easy it would be to gain unauthorized access to a system remotely. We are using it the following way to crack the login.

hydra -L user.txt -P password.txt ssh

Where [- L] parameter is used to provide the username list and [- P] parameter used to provide the password list. Once the commands are executed it will start applying the dictionary attack and you will get the right username and password. After a few minutes, hydra cracks the credential, as we can observe that we had successfully grabbed the username as “shubh” and password as “123”.


Medusa is a speedy, parallel, and modular tool which allows login through brute force. Its goal is to support as many services that allow authentication possible. The key features of this tool are thread-based testing, Flexible user input, Modular design, and Multiple protocols supported. We are going to run this command to crack this log in.

Run the following command.

medusa -h -U user.txt -P password.txt -M ssh

Where [- h] use to assign the victim IP address, [- U] denotes the path for username list, [- P] denotes the path for the password list, [- M] to select the mode of attack. Now, the process of the dictionary attack will start. Thus, we will attain the username and password of our victim.


It is a GUI version of Hydra; it can be used for both offline and online password cracking. It has all the features and benefits of Hydra in the GUI form. Let’s start the attack by opening the tool. After opening this tool in the target, it will ask us about the target, service port number, protocol service name, and any other specific output option we want in our attack.

When we completed the details in the target tab, we need to switch into the password tab, where we need to fill up or browse the username and password list for the brute force attack. There are some extra options available in the tab like Try login as password, try empty password, and Try reversed login.

When we complete the details required for the attack, we need to switch the tab to start to initiate the attack on the victim’s server

As we can see that we crack the credentials with our attack.


It is a collaboration between the open-source community and Rapid 7. It helps security teams do more than just verify vulnerabilities, manages security assessments, and improve security awareness.

This module will test SSH logins on a range of machines and report successful logins. If we have loaded a database plugin and connected to a database this module will record successful logins and host you can access.

But first, open kali terminal and type “msfconsole”.Then follow these commands.

use auxiliary/scanner/ssh/ssh_login
set rhosts
set user_file user.txt
set pass_file password.txt

From the given screenshot, we can observe that we had successfully grabbed the SSH password and username. Moreover, Metasploit serves an additional benefit by providing a remote system command shell for our unauthorized access into the victim’s system.


Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage. Patator was written out of frustration from using Hydra, Medusa, Ncrack, Metasploit modules, and Nmap NSE scripts for password guessing attacks. I opted for a different approach to not create yet another brute-forcing tool and avoid repeating the same shortcomings. Patator is a multi-threaded tool written in Python, that strives to be more reliable and flexible than his fellow predecessors.

It is quite useful for making brute force attacks on several ports such as FTP, HTTP, SMB, etc.

patator ssh_login host= user=FILE0 0=user.txt password=FILE1 1=password.txt

From given below screenshot, we can observe that the process of dictionary attack starts, and thus, you will attain the username and password of our victim.


Ncrack is a network authentication tool, which helps the pen-tester to find out how the credentials that are protecting network access are vulnerable. This tool is a part of the Kali Linux arsenal and comes pre-installed with its package. It also has a unique feature to attack multiple targets at once, which is not seen very often in these tools. Run the following command to exploit port 22 via Ncrack.

ncrack -U user.txt -P password.txt

Where [-U] helps us to assign to username list, [-P] helps us to assign the password list, and [-p] will help us to assign the service port number of the victim. We can see that we have successfully cracked the SSH credential.

Author: Shubham Sharma is a Pentester, Cybersecurity Researcher, Contact Linkedin and twitter.