Cracking SSH Password with Medusa

Hello NullSec, Joker here with another Tutorial. This time I am gonna explain how to crack the password of a SSH which is one of several services that can be cracked with a Password Cracker like Hydra and Medusa. Of course there are other ways to obtain the password like Social Engineering, Exploit, etc. But one of the common ways is of course cracking the password itself.


Before we get cracking, we must first determine the system is running a SSH service. Most likely SSH will be running on Port 22, which is what we will be using with Nmap. In a terminal, type:
nmap -sV -p 22 (ip)
the -sV is a service scan while -p is to scan specific ports in this case, port 22. There’s other scans like the FIN scan and the SYN scan, which in nmap are:

Fin scan:
sudo -H nmap -sF -p 22 (ip)

Syn scan:
sudo -H nmap -sS -p 22 (ip)

If you wish to scan all the systems on the network simply put /24 at the end of the IP, which would look like this:
nmap -sV -p 22 (ip)/24
Once we determine that a SSH service is running on port 22, we can get cracking.

Medusa is a amazing online cracking tool especially cracking, SSH, Telnet, and FTP services. If you don’t have Medusa installed please type in a terminal:
sudo -H apt-get install medusa

(note that I am using Ubuntu)

Once installed type in:
medusa --help
your screen should look like my screenshot:

A very basic syntax for Medusa is:
medusa -h (host) -u (username) -P (wordlist) -M ssh

Medusa doesn’t have a bruteforce method where it will try to use every possible potential password combination, but instead uses a wordlist. A good set of wordlists that I’ve found on the internet is SecLists. Depending on how big your wordlist is and how good your internet connection is, depends on how fast medusa will try to crack the password. Usually the root account is what you’d want to try to crack or so I would think so. There are many different modules, but since we are cracking the SSH password the -M flag will be set to ssh.

Simple? I think so.

#Final Words
Welp, this tutorial is done and over with at least for now. If there’s enough interest I might go over other password cracks both online and offline, even cracking hashes. I know I didn’t go into much detail, but if you’re interested in how it works, I suggest either coding your own password cracker or research the internals. Google is a great place to start and because of the vast amount of information, this is why I didn’t go into much detail.

Please comment down below and until next time,



On how to check SSH? Password cracking is a dead simple process granted, however there are some people here just entering the industry.

Be humble, you didn’t come out the womb writing 0days.


I have to agree with @simonuvarov here, this is the fist step to become yet another skiddie garden :\


I have to agree (although we all were skiddies once :wink:)
This is very basic information which could help newbies. However in my opinion, it somehow lacks background information. Newbies will never “get to the next level” with simple “how to hack x” information.


What most here fail to realize is that the “next level” is already on here. If you don’t know what I mean, just go to the homepage and scroll for a few minutes. What we ARE lacking however is introductory material for the freshmen just entering the industry. If you’d take time to visit Discord or IRC you’d see we have a ton of people who just entered the industry, just like myself, and they are all good people. Is it them you want to feel left out? Is it them who aren’t welcome here? is that what y’all want?

1 Like

To the people against @Red_Joker’s post:

I know for a fact that @Red_Joker thought of your “discouraging” feedback (which you have all the rights to give ofc) and yet still posted it. That’s pretty brave considering the fact that this forum has really elite people around. Some people start off on the right path, some others fail miserably in the beginning and find their why later on.

I believe @Red_Joker’s intention was to help a fresh newbie. You can never know how a “skid” post will benefit the reader. What if a newbie stumbled upon this post and it was his/her first time getting to know nmap? What if that person gets so amazed by nmap that ends up learning C and contributing to the project and becoming a core dev?

I can guarantee you that no matter how good you think you are, there are folks in here who outwork you, outsmart you and make you look like skids no matter how knowledgeable you might be.

Be humble and never underestimate outsiders.


First of all I kinda “disagree” with all of you making a debate of principles out of this under @Red_Joker’s post.

This is an important thing to note.

  • If you feel superior and don’t learn anything by briefly reading over an article then skip it.
  • If you learn something or the topic was extra ordinary well written comment on it and leave a like.
  • If the post was just badly formatted you still can share your thoughts, so the reading experience will be improved for the next people.

But stating this is “scrub stuff” doesn’t belong under any post.

Everyone has their “field of research”, but as already stated multiple times, people have to start somewhere.

As long as these topics don’t evolve into: “HOW TO HACK YOUR GF FACEBOOK ACCOUNT WITH THIS 1337 TOOL KEK” I’m more than fine with entry level posts…

I end my statement with a quote again:

Case closed.

Peace out~


Trust me, that’s absolutely the least I want. Also, this wasn’t my point here. I’m sorry if I didn’t put it in the right words.

My point was that if you don’t provide some background information here, or give newbies some stuff to read further, I’m afraid they won’t benefit much.

I don’t wanna bash @Red_Joker in any way, but rather provide some constructive feedback. So here it is:

  • An infographic about the most common passwords used by people
  • Add some basic words about the concept of bruteforce at the top. This may seem simple to us, but will be very useful for newbies.
  • => That this is called a Dictionary attack
  • (Maybe a link to Brute-Force Attacks - Basic Concept)
  • How to install Medusa on non-apt systems
  • Maybe broaden the post that Medusa can also be used for other services like POP3
  • How to discover if SSH is not running on port 22
  • => link to Recon: Nmap Basics

I think what makes this community unique is the kindness and warmness everybody is welcomed here. By making quality, but also newbie-friendly posts we can ensure that this stays.

Again, sorry if I wasn’t clear here.

All the Best, SmartOne


I absolutely agree… the tut is more of a cheatsheet, but after a review it could’ve been better. There’s always room for improvement. I got lazy toward the end and I admit that much. By the way, it’s alright @SmartOne, you’re entitled to your opinion. Don’t apologize.


1 Like