Metasploitable/SSH/Brute Force

From charlesreid1

Revision as of 16:02, 25 March 2016 by Admin (talk | contribs) (Created page with "This walks through using Hydra to brute-force login information on Metasploitable. =Background= We will use Hydra to brute-force SSH logins. ==Usage== If we just type...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

This walks through using Hydra to brute-force login information on Metasploitable.

Background

We will use Hydra to brute-force SSH logins.

Usage

If we just type hydra, we can see the basic usage: 

root@morpheus:~# hydra 
Hydra v8.1 (c) 2014 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.

Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT] [-x MIN:MAX:CHARSET] [-SuvVd46] [service://server[:PORT][/OPT]]

Options:
  -l LOGIN or -L FILE  login with LOGIN name, or load several logins from FILE
  -p PASS  or -P FILE  try password PASS, or load several passwords from FILE
  -C FILE   colon separated "login:pass" format, instead of -L/-P options
  -M FILE   list of servers to attack, one entry per line, ':' to specify port
  -t TASKS  run TASKS number of connects in parallel (per host, default: 16)
  -U        service module usage details
  -h        more command line options (COMPLETE HELP)
  server    the target: DNS, IP or 192.168.0.0/24 (this OR the -M option)
  service   the service to crack (see below for supported protocols)
  OPT       some service modules support additional input (-U for module help)

Supported services: asterisk cisco cisco-enable cvs firebird ftp ftps http[s]-{head|get} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] mssql mysql nntp oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres rdp redis rexec rlogin rsh s7-300 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey teamspeak telnet[s] vmauthd vnc xmpp

Hydra is a tool to guess/crack valid login/password pairs. Licensed under AGPL
v3.0. The newest version is always available at http://www.thc.org/thc-hydra
Don't use in military or secret service organizations, or for illegal purposes.

Example:  hydra -l user -P passlist.txt ftp://192.168.0.1

Procedure

First, it would be great if we could log in via SSH as root, but this is usually disabled. To be successful, we will need a list of users on the system. This can be obtained many ways, but two methods using SQL servers are covered in Metasploitable/MySQL and Metasploitable/Postgres.

Retrieved from "https://charlesreid1.com/w/index.php?title=Metasploitable/SSH/Brute_Force&oldid=9732"