Automate SSH Brute Force Attack [4 Methods]
SSH brute force attacks are a type of cyber attack that is becoming increasingly common. They involve the use of automated software to try and gain access to a system by guessing its username and password. The attack usually begins with the attacker trying to connect to the system using a variety of usernames and passwords. If the hacker is successful, they can gain full access to the system, including sensitive data and applications.
The most common way for attackers to gain access is through a dictionary attack. This type of attack uses a pre-defined list of commonly used usernames and passwords. The attacker will use these to try and gain access to the system. If the attacker is successful, they can gain access to the system and can then use it for malicious purposes.
In this guide, I will be showing you how bad actors can perform SSH brute force attacks on a vulnerable target system remotely.
Performing an SSH brute force attack on a target without obtaining the consent of the involved parties is illegal and is punishable by law. To avoid being on the wrong side of the law, we recommend our students to set up a virtual penetration lab where they can perform attacks in a safe environment.
Requirements
- PC running on Kali Linux.
- Dockerized metasploitable (This will be our target system).
- Basic knowledge of how to use various brute forcing tools.
- Nmap
- Metasploit
- Patator
- Ncrack
- xHydra
Scanning for SSH open port (22)
Before launching an SSH brute force attack on our target, the first step is to determine whether the SSH port is open on the target system. We start by using Nmap to check for open ports. In our case, we have a running Metasploitable docker instance with IP 172.17.0.2. To start scanning we use the command.
As shown in the image above, we have the SSH port (22) open. We can now proceed to start performing SSH brute force attacks on our target system.
xHdra
xHydra is the graphical version of Hydra. We can use xHydra to automate an SSH brute force attack on the target system. To perform the attack we provide the target IP address and specify the port and the service we want to brute force as shown in the image below.
On the next tab, we are required to provide the location of both the username file and the password file. In our case, we used Crunch to generate possible usernames and passwords combination. For us to use these files, we have to indicate their location on the computer storage as shown in the image below.
After we have provided these details, we can start the SSH brute force attack. In some cases, the servers limit the number of requests made by a client to avoid this kind of attack. XHydra has a tuning tab from where you can customize such details to make your attack effective. Depending on the number of tasks you have configured xHydra to run the attack and the size of your wordlists, the attack will take some time to complete, and once the valid login credentials are found they will be displayed as shown in the image below.
Ncrack
Ncrack is a tool used to attempt to crack network authentication via brute force attack. It was developed to assist organizations to manage network security by dynamically checking each host and each piece of network infrastructure for security flaws. We just need one command to launch an SSH brute force attack with Ncrack as shown in the image below.
ncrack -v -U /home/kali/Desktop/usernames.txt -P /home/kali/Desktop/passwords.txt 172.17.0.2:22
Patator
Patator is a multi-threaded tool written in Python that focuses on being more reliable and flexible than other brute-forcing tools. It is useful for making brute force attacks on several ports such as FTP, HTTP, POSTGRES, SMB, etc. To launch an SSH brute force attack on Patator, we have to provide various parameters; the script to use for the brute force attack (in this case, we are using ssh_login), the host the users file, and the password file. The command for SSH brute force attack has the below syntax.
patator ssh_login host=172.17.0.2 user=FILE0 0=/home/kali/Desktop/usernames.txt password=FILE1 1=/home/kali/Desktop/passwords.txt
Metasploit
Metasploit being the world’s most used penetration testing framework, can also be used to perform SSH brute force attacks. To perform the attack we first launch Metasploit using the command.
Once launched we have to provide the required details for us to start the SSH brute force attack. The required information for this attack includes; the target IP address, the target port, the username, and the password list to use to brute force as shown in the image below.
Once all the details are provided, we can run to start SSH brute force attack using the provided lists. Depending on the size of your wordlists and other factors such as the number of threads you have set, it will take some time for valid credentials to be found and displayed as shown in the image below.
Conclusion
The best way to protect against SSH brute force attacks is to use strong passwords. Passwords should be at least 8 characters long and should contain a combination of upper and lower case letters, numbers, and special characters. Additionally, it is important to keep the passwords updated regularly and not use the same password for multiple accounts.
Another way to protect against SSH brute force attacks is to use two-factor authentication. This requires the user to enter two sets of credentials before gaining access, making it much harder for hackers to gain access. Additionally, it is important to keep the system updated with the latest security patches and to use antivirus software to detect any malicious activity.
Finally, it is important to monitor the system for any suspicious activity. If any suspicious activity is detected, it is important to take the necessary steps to block the attack. This can include banning the IP address from which the attack originated, or blocking the port used for the attack.
By following these steps, it is possible to greatly reduce the risk of an SSH brute force attack. However, it is important to remember that no security measure is foolproof and it is always important to remain vigilant.
Didn’t find what you were looking for? Perform a quick search across GoLinuxCloud
If my articles on GoLinuxCloud has helped you, kindly consider buying me a coffee as a token of appreciation.
For any other feedbacks or questions you can either use the comments section or contact me form.
Thank You for your support!!
Leave a Comment Cancel reply
Ethical Hacking Tutorial
- Install Kali Linux
- Create Kali Linux bootable USB
- Dual boot Ubuntu with Kali Linux
- Install Kali Linux on VirtualBox
- Install Kali Linux on Raspberry Pi
- Install Kali Linux on Android
- Install Kali Linux on Apple M1 with UTM
- Setup Virtual PenTesting Lab
- Setup Android Pentesting Lab
- Setup Hacking Lab
- Manage Pentest Projects with Cervantes
- Nettacker — Automated Pentesting Framework
- MobSF: Android App Pentesting
- APKHunt: Android App Pentesting
- Hack Social Media Accounts — ZPhisher
- Analyze phishing email — Thephish
- Install Gophish phishing framework
- Gophish Phishing Campaign
- FiercePhish Phishing Campaign
- Snapchat Phishing using Grayfish
- Using SocialFish to Hack Credentials
- Social Engineering Toolkit Credentials Phishing
- Lockphish V2.0 PIN phishing attack
- Evil Twin WiFi Attack with Airgeddon
- Browser-in-the-Browser Attack
- Install Caine OS for Forensic Analysis
- Install Metasploit Framework
- Install OWASP Juice Shop
- Install DVWA
- Install Tor Browser
- Install Pyrit
- Embed payload in PDF File
- Embed Metasploit Payload on APK
- Payload Injection — Shellter
- Obfuscate Android Payload — ApkBleach
- Create windows undetectable payload — Technowlogger
- Learn hacking with Metasploitable
- Network Reconnaissance with Nmap
- BEeF Hacking Framework
- Intercept Network Traffic
- Track IP Address using Image
- Find Hidden Endpoints
- Using WiFi Honeypot for Ethical Hacks
- Hack Wi-Fi password
- Encode message in image — Steganography
- Shodan — The Search Engine for Hackers
- L3MON — Hack Android Mobile Remotely
- Torshammer — Perform DDoS attack
- Local File Inclusion Attack
- Using Xerosploit
- Using Arpspoof
- DVWA SQL Injection Exploitation
- DVWA Exploits
- Kali Vulnerability Scanner Tools
- WPScan: WordPress Vulnerability Scanner
- The Best 5 OSINT Tools
- Using Infooze Tool
- Using Mitaka Tool
- Create Reverse Shell
- WordPress Reverse Shell
- Subdomain Enumeration Tools
- SMTP Enumeration Tools
- DNS Enumeration Tools
- Wordlist Generator using Crunch
- Automate SSH Brute Force Attack
- Fuzzing Tools for Web Application Pentesting
- Bypass CSRF Protection
- Password Cracker — John The Ripper (JTR)
- Crack Hashed Password — Hashview
- Attack Login Forms with Burpsuite and THC-Hydra
- Perform Postgres DB Brute Force Attack
- Perform VNC Brute Force Attack