Hello NullSec, Joker here with another tutorial. This time I am going to explain how to crack the password of an SSH service, which is one of several services that can be cracked with a password cracker like Hydra and Medusa. Of course, there are other ways to obtain the password, like social engineering, exploits, etc., but one of the common ways is cracking the password itself.
# Nmap
Before we get cracking, we must first determine whether the system is running an SSH service. SSH will most likely be running on port 22, which is the port we will scan with Nmap. In a terminal, type:
```
nmap -sV -p 22 (ip)
```
`-sV` is a service scan, while `-p` scans specific ports, in this case port 22. There are other scans, like the FIN scan and the SYN scan, which in Nmap are:
FIN scan:
```
sudo -H nmap -sF -p 22 (ip)
```
SYN scan:
```
sudo -H nmap -sS -p 22 (ip)
```
If you wish to scan all the systems on the network, simply put /24 at the end of the IP, which would look like this:
```
nmap -sV -p 22 (ip)/24
```
Once we determine that an SSH service is running on port 22, we can get cracking.
# Medusa
Medusa is an amazing online cracking tool, especially for cracking SSH, Telnet, and FTP services. If you don't have Medusa installed, type in a terminal:
```
sudo -H apt-get install medusa
```
(Note that I am using Ubuntu.)
Once installed, type in:
```
medusa --help
```
A very basic syntax for Medusa is:
```
medusa -h (host) -u (username) -P (wordlist) -M ssh
```
Medusa doesn't have a brute-force method where it tries every possible password combination; instead, it uses a wordlist. A good set of wordlists that I've found on the internet is SecLists. How fast Medusa will try to crack the password depends on how big your wordlist is and how good your internet connection is. Usually the root account is what you'd want to try to crack, or so I would think. There are many different modules, but since we are cracking the SSH password, the -M flag will be set to ssh.
Simple? I think so.
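
What a wordlist run like this looks like from the server side, as an added example that is not part of the original tutorial: every wrong guess lands in the target's auth log as a "Failed password" line, so a burst from one source is easy to flag. The log lines are constructed samples in OpenSSH's syslog format, and the function name, threshold, window and year are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in OpenSSH's syslog format (documentation-range IPs, made-up host).
SAMPLE_LOG = "\n".join(
    [f"Mar  4 10:15:{s:02d} web01 sshd[2101]: Failed password for root "
     f"from 203.0.113.7 port {50000 + s} ssh2" for s in range(1, 13, 2)]
    + ["Mar  4 10:15:14 web01 sshd[2101]: Accepted password for root "
       "from 203.0.113.7 port 50014 ssh2",
       "Mar  4 10:16:02 web01 sshd[2150]: Failed password for invalid user bob "
       "from 198.51.100.23 port 40211 ssh2",
       "Mar  4 10:16:09 web01 sshd[2150]: Accepted password for alice "
       "from 198.51.100.23 port 40212 ssh2"])

EVENT = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port \d+")

def detect_password_guessing(log_text, threshold=5,
                             window=timedelta(seconds=60), year=2024):
    """Return {ip: report} for sources with >= threshold failures inside `window`."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    users = defaultdict(set)      # ip -> every username that source has tried
    reports = {}
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue
        stamp, outcome, user, ip = m.groups()
        # Syslog timestamps carry no year; `year` is an assumption from the caller.
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if outcome == "Failed":
            users[ip].add(user)
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:      # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                r = reports.setdefault(ip, {"peak_failures": 0, "users": users[ip],
                                            "login_after_burst": None})
                r["peak_failures"] = max(r["peak_failures"], len(q))
        elif ip in reports:
            # A success from an already-flagged source: treat as a likely guessed password.
            reports[ip]["login_after_burst"] = user
    return reports

if __name__ == "__main__":
    for ip, report in detect_password_guessing(SAMPLE_LOG).items():
        print(ip, report)
```

A non-empty `login_after_burst` is the entry to look at first, since it means a password login succeeded right after the guessing. Setting `PasswordAuthentication no` in `sshd_config` and using keys takes this kind of guessing off the table.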
# Final Words
Welp, this tutorial is done and over with, at least for now. If there's enough interest, I might go over other password cracks, both online and offline, even cracking hashes. I know I didn't go into much detail, but if you're interested in how it works, I suggest either coding your own password cracker or researching the internals. Google is a great place to start, and because of the vast amount of information out there, I didn't go into much detail.
Please comment down below and until next time,
~Cheers!