TL;DR
This guide shows you how to brute-force an SSH login with a password that’s only four letters long. It uses the hydra tool, which is common for this type of attack. Warning: Brute-forcing without permission is illegal and unethical. This information is for educational purposes only.
Prerequisites
- A Linux machine (Kali Linux is ideal).
- Root or sudo access.
- The target SSH server’s IP address.
hydrainstalled. If not, install it with:sudo apt update && sudo apt install hydra
Steps
- Gather Information
- Confirm the SSH service is running on port 22 (or another port if it’s been changed). You can use:
nmap -p 22 <target_ip> - Identify the username. Common usernames include ‘root’, ‘admin’, or a user you might know exists on the system.
- Install hydra (if necessary)
- Run Hydra to Brute-Force the Password
- Use the following command structure. Replace placeholders with your actual values:
-l <username>: Specifies the username to attempt login with.-P /usr/share/wordlists/rockyou.txt: Specifies the wordlist file containing potential passwords.rockyou.txtis a common, large password list. You may need to unzip it first:gunzip rockyou.txt.gz. If you don’t have this file, download one from the internet (be careful about malware!).
<target_ip>: The IP address of the target SSH server.ssh: Specifies the service to attack (SSH).- For a 4-letter password, you can create a custom wordlist for faster results. A simple script could generate this:
#!/bin/bash for i in {aaaa..zzzz}; do echo $i done > four_letters.txtThen use that file with hydra:
hydra -l <username> -P four_letters.txt <target_ip> ssh - Monitor the Output
- Stop Hydra and Log In
As mentioned in prerequisites, use
sudo apt update && sudo apt install hydra.
hydra -l <username> -P /usr/share/wordlists/rockyou.txt <target_ip> sshHydra will attempt each password in the wordlist against the SSH server. Watch for a message indicating a successful login, like “[STATUS] 1 target successfully logged in”.
Once you have a valid password, press Ctrl+C to stop hydra. Then use ssh to log into the server using the username and password you discovered.
Important Considerations
- Rate Limiting: SSH servers often implement rate limiting to prevent brute-force attacks. This can slow down or block your attempts.
- Account Lockout: Some systems lock accounts after a certain number of failed login attempts.
- Firewalls and Intrusion Detection Systems (IDS): These security measures may detect and block hydra’s activity.
- Wordlist Choice: The effectiveness of the attack depends heavily on the quality of your wordlist. A larger, more relevant wordlist increases your chances of success but also takes longer to process.