Thread: ssh bruteforcing

  1. #1
    Just burned his ISO
    Join Date
    Jun 2009
    Posts
    9

    ssh bruteforcing

    Hi guys,

    I need some help. There is a friend of mine, who's got a server. He knows all the ssh passwords (for the home dir, and so on), but yesterday he changed the root password, and something went wrong.

    It is possible that he mistyped it, or wrote it down wrong, but still he is unable to log in. So I was joking that "we can use hydra/medusa for that", but now it seems this would be the only solution. If he can't log in today, he said, we should try bruteforcing it tomorrow. This is a legal bruteforcing, nobody is hacking anything.

    What we know:
    - it should be 6 characters (although if he accidentally pushed a button, it is 7)
    - the first 3 characters are numbers, fourth and fifth characters are alphabets (he remembers these ones), and one number at the end

    My questions are:
    - I've read medusa is better for ssh, is it true?
    - how should I feed medusa with a wordlist?
    - how should I use medusa without crashing the server?

    Thanks a lot

  2. #2
    Super Moderator lupin
    Join Date
    Jan 2010
    Posts
    2,943

    Quote Originally Posted by tijstijs
    Hi guys,

    I need some help. There is a friend of mine, who's got a server. He knows all the ssh passwords (for the home dir, and so on), but yesterday he changed the root password, and something went wrong.

    It is possible that he mistyped it, or wrote it down wrong, but still he is unable to log in. So I was joking that "we can use hydra/medusa for that", but now it seems this would be the only solution. If he can't log in today, he said, we should try bruteforcing it tomorrow. This is a legal bruteforcing, nobody is hacking anything.

    What we know:
    - it should be 6 characters (although if he accidentally pushed a button, it is 7)
    - the first 3 characters are numbers, fourth and fifth characters are alphabets (he remembers these ones), and one number at the end

    My questions are:
    - I've read medusa is better for ssh, is it true?
    - how should I feed medusa with a wordlist?
    - how should I use medusa without crashing the server?

    Thanks a lot
    Do you have physical access to the system? Grabbing passwd and shadow using a boot disk like BackTrack and feeding them into john would be a quicker way to retrieve the password.

    Usage info for medusa and a comparison between medusa and hydra is included at the link below - the medusa homepage!
    Foofus Networking Services - Medusa

    There's nothing too specific there about the various merits of each for ssh cracking.

    Create your own custom wordlist based on the known parameters and feed this in.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  3. #3
    Just burned his ISO
    Join Date
    Jun 2009
    Posts
    9

    Quote Originally Posted by lupin
    Do you have physical access to the system? Grabbing passwd and shadow using a boot disk like BackTrack and feeding them into john would be a quicker way to retrieve the password.
    Create your own custom wordlist based on the known parameters and feed this in.
    Thanks for the fast reply!

    Of course, we have physical access, but it's a lot more complicated than trying out a few passwords remotely. Of course, if medusa fails we'll go to the server room.

    Anyway, could you please post a guide, how to create a custom wordlist? thanks!

  4. #4
    Super Moderator lupin
    Join Date
    Jan 2010
    Posts
    2,943

    Quote Originally Posted by tijstijs
    Anyway, could you please post a guide, how to create a custom wordlist? thanks!
    Try crunch