
© 2018 Dr. Chaos 


Breaking SSH, VNC, and other passwords with Kali Linux and Hydra


Hydra is a very fast and effective network login cracker. It will help you perform brute-force attacks against SSH servers, VNC, and other services. When you launch Hydra it will launch the GUI in Kali; however, in this tutorial we will use xHydra, which is the command line version of the tool.


The command line version of the tool gives you much more flexibility in how you use it.


Wordlists


This attack requires a wordlist. You can use the default wordlist: this demo works well with the rockyou wordlist located at /usr/share/wordlists/rockyou.txt.gz in Kali. You will need to extract it before using it. You can also create your own wordlists with Aamir Lakhani’s Dr. Chaos guide in this tutorial: http://www.drchaos.com/creating-custom-dictionary-files-using-cewl/


If you want the mother of all dictionary files, here is my 4.5Gb (13Gb uncompressed) dictionary file: https://mega.nz/#!vgRTXIoa!1QdZLw4BtFCpLX3boPG0xzR9e_4KhVOJXvepI7aML-8


Scanning for SSH Servers using NMAP


The first thing we will do is scan for SSH services listening on port 22. We are going to scan the entire 10.1.100.0/24 subnet, but we could also scan a single host or a range.


Here’s a simple example that will scan all computers on the subnet and report any devices listening on port 22. All of this, along with the version of SSH that the server is running, is output to a text file, ssh_hosts:

nmap -p 22 --open -sV 10.1.100.0/24 > ssh_hosts

We could have also scanned it this way

nmap -p22 --open -Pn -sV -oG ssh_hosts 10.1.100.0/24

Or another way, which presents a list of IPs that have SSH up:

nmap -p 22 10.44.46.0/27 | awk '/scan report for/ {print $0}' | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'

Next I am going to use Hydra. Hydra is a very well-known and respected network logon cracker which supports many different services. (Similar projects and tools include medusa and John The Ripper.) Hydra is able to use external files for passwords, usernames, or username and password combinations.


Hydra can be used to brute-force the following services: As a password/logon cracker (hacking tool), Hydra has been tested on multiple protocols. We are going to enter the command:

hydra -l root -P /root/password.txt 192.168.0.128 ssh

The options in Hydra are very straightforward:

-l tells Hydra you will provide a static login (you can use a file for multiple usernames instead).
-P password file, or (lowercase) -p for a (static) password.
-t TASKS, the number of connections in parallel (per host, default is 16).
ssh – you can specify the protocol being used.

Special thanks to Clay Nakamura and Tyler Nakamura for their updates on Sept 3rd, 2016.




Hydra example to local host