The Hackr

Crack SSH, FTP, Telnet Logins Using Hydra

Hello Hackrs! Today, we’re gonna crack or bypass the SSH , FTP or Telnet logins over a network using Hydra.

Hydra is a parallelized login cracker. It can perform very fast dictionary attacks against many protocols. It supports numerous protocols to attack. It is very fast and flexible, and new modules are easy to add. It is often regarded as very fast network logon cracker.

It makes it possible for researchers and security analysts to show how easy it would be to gain unauthorized access to a system remotely.

Which Platforms Does Hydra Support?

Hydra runs finely on Linux, Windows. Solaris, FreeBSD/OpenBSD, QNX and OSX. On Ubuntu, it can be installed from the synaptic package manager. On Kali, it is pre-installed. So, we’re use our Kali machine for this demo.

Demo:

Step 1 Fire Up Kali

Boot into Kali or any machine with Hydra installed on it. You can also use Kali Live USB to boot anywhere directly without actually installing it.

kali login

Step 2 Search for Open SSH ports in a network

Open nmap or zenmap to find the open ssh port in the network by simply typing

nmap 172.27.16.19 -p22

hydra nmap

  • 172.27.16.19 -> victim host IP
  • -p -> strict the nmap to user defined port
  • 22 -> port by default used for ssh

Step 3 Start Hydra

Now that you have found the victim host with ssh open, use Hydra tool by simply typing

hydra -t 1 -l admin -P /usr/share/john/password.lst -vV 172.27.16.19 ssh

hack ssh hydra

  • t -> it tells how many parallel threads Hydra should create.
  • l -> username or login to use.
  • P -> path to password list or the word list.
  • v -> verbose.
  • V -> it is used for printing every password being tried.
  • 172.27.16.19 -> ip of the victim host.
  • ssh -> name of the service to carry on the attack.

Note

The time for cracking might vary from few minutes to some million years. It solely depends on the complexity on the password. Let us know your queries in the comments below!

Sreehas

The hacking trend these days has definitely turned criminal because of e-commerce ¯\_(ツ)_/¯

up