Compromise SSH (Secure Shell) using Kali Linux

In this article we are going to discuss how to penetrate or compromise SSH (Secure Shell) using Kali Linux. Basically secure shell (SSH) protocol is a network protocol mainly used to establish an encrypted communication channel across an open network between a server and a client. Commonly, a public-private key pair allows users to log in to a system without requiring the password.

Compromise SSH (Secure Shell) Overview


The public key is present on all systems that require a secure connection, while the user keeps the private key secret. The authentication is based on the private key; SSH verifies the private key against the public key. On the target systems, the public key is verified against a list of authorized keys that are permitted to remotely access the system. This supposedly secure communication channel fails when the public key is not cryptographically strong and can be guessed.

Compromise SSH - Methodology


Like RDP, SSH is vulnerable to a bruteforce attack that enable attackers to guess the user's access credentials or simply the. For this particular example, we'll use a tool called hydra. The hydra tool is probably the oldest bruteforce tool and is definitely the most feature-rich tool. It also supports attacks against the greatest number of target protocols. The hydra tool can be found by navigating to Kali Linux → Password Attacks → Online Attacks, and this tool can be launched directly from the command line. This tool supports both: the CLI (command-line version) and the GUI version (hydra-gtk). We can use hydra from the terminal using the following command:



root@kali:~# hydra -s 22 -v -V -L <file path/name>
-P <file path/name> -t 8 <Target IP><protocol>


Above command parameters explained below:

  1. -s: designates port to be used basically this speed up the process but does not need to be entered when the default port is intended to be used, it is used to remove ambiguities.

  2. -v and -V: These parameters are used to select maximum verbosity of reports.

  3. -L: To choose the login or username file.

  4. -P: To choose the password file.

  5. -t: To select number of parallel tasks or connections. If greater the number, the faster the testing will occur. However, if the number is too high, errors may be introduced and correct passwords will be missed.


Verbose output of the initial bruteforce attack are presented in the following screenshot:

compromise SSH

After successful login by using the dictionary, hydra reports the port, the protocol, the host, and the login credentials. Then this tool continues to use the dictionaries to identify the other possible accounts. Following screenshot explains all the things, hydra has correctly identified an SSH account with root as the login and hacker!@1 as the
password; the screenshot also shows the other attempts made by hydra as it attempts to identify additional accounts:

compromise SSH

We can autocreate the password list through hydra, use the following command to perform this task:

root@kali:~# hydra -L user.lst -V -x 6:8:aA1 < Target IP address> SSH



Parameters used in the above command are described below:

  1. -x: directs hydra to automatically create the passwords used in the bruteforce attack. The passwords will be created according to the parameters that follow -x.

  2. 6:8: indicates a minimum password length of six characters and a maximum password length of eight characters.

  3. aA1: to automatically create the passwords using a combination of letters and numbers. It will use all lowercase letters (denoted by a) and all uppercase letters (denoted by A), and the numerals 0 to 9 (denoted by 1).


We can also add special characters to generated list; however, you need to add single quotes around the -x option, as shown in the following command:

root@kali:~# hydra -L user.lst -V -x '6:8:aA1!@#$' < Target IP address> SSH

Thanks for reading. I would recommend you to read my article on KRACKs attacks also.

COMMENTS

Name

AC Milan,5,Arsenal,10,Atalanta,7,Atletico Madrid,8,Barcelona,17,Bayern München,8,Bundesliga,18,Business,1,Chelsea,14,Coronavirus,2,Cristiano Ronaldo,13,Dortmund,3,Ethical Hacking,46,Exploitation,35,FA Cup,2,Featured,272,Football,285,Footprinting,29,Google Adsense,2,Inter Milan,7,Juventus,16,Kali Linux,39,Kali NetHunter,3,LaLiga,57,Lazio,6,Leicester City,8,Ligue 1,36,Liverpool,14,Lyon,6,Make Money,3,Manchester City,18,Manchester United,16,Messi,3,Metasploit,1,Napoli,5,Offensive Security,17,Penetration Testing,15,Politics,2,Post Exploitation,19,Premier League,78,PSG,7,Real Madrid,15,Roma,4,Search Engine Optimization,4,Serie A,44,Sevilla,3,Sports,256,Technology,36,Tips,16,Tottenham Hotspur,11,Trending,500,UEFA Champions League,10,UEFA Europa League,11,United States,1,Windows,7,World News,7,
ltr
item
My Hack Stuff: Compromise SSH (Secure Shell) using Kali Linux
Compromise SSH (Secure Shell) using Kali Linux
https://myhackstuff.com/wp-content/uploads/2018/01/1-1024x303.png
My Hack Stuff
https://www.myhackstuff.com/2018/01/compromise-ssh-secure-shell-using-kali.html
https://www.myhackstuff.com/
https://www.myhackstuff.com/
https://www.myhackstuff.com/2018/01/compromise-ssh-secure-shell-using-kali.html
true
1336489415246004999
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share to a social network STEP 2: Click the link on your social network Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy Table of Content