SSH Brute Force

[hhmatt]

Running bt4 pre-final kernel update 2.6.30.9
Just wondering if I have any alternatives or options for ssh brute force.
In Hydra I get:

Code:

error: Compiled without LIBSSH support, module not available!

I've already found the quick fixes for these but was warned about reinstalling from source would make repo updates for it unusable.

So I decided to give medusa a shot.

Code:

root@bt:/# medusa -d
Medusa v1.5 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks <jmk@foofus.net>

  Available modules in "." :

  Available modules in "/usr/lib/medusa/modules" :
    + cvs.mod : Brute force module for CVS sessions : version 1.0.0
    + ftp.mod : Brute force module for FTP/FTPS sessions : version 1.3.0
    + http.mod : Brute force module for HTTP : version 1.3.0
    + imap.mod : Brute force module for IMAP sessions : version 1.2.0
    + mssql.mod : Brute force module for M$-SQL sessions : version 1.1.1
    + mysql.mod : Brute force module for MySQL sessions : version 1.2
    + nntp.mod : Brute force module for NNTP sessions : version 1.0.0
    + pcanywhere.mod : Brute force module for PcAnywhere sessions : version 1.0.2
    + pop3.mod : Brute force module for POP3 sessions : version 1.2
    + rexec.mod : Brute force module for REXEC sessions : version 1.1.1
    + rlogin.mod : Brute force module for RLOGIN sessions : version 1.0.2
    + rsh.mod : Brute force module for RSH sessions : version 1.0.1
    + smbnt.mod : Brute force module for SMB (LM/NTLM/LMv2/NTLMv2) sessions : version 1.5
    + smtp-vrfy.mod : Brute force module for enumerating accounts via SMTP VRFY : version 1.0.0
    + smtp.mod : Brute force module for SMTP Authentication with TLS : version 1.0.0
    + snmp.mod : Brute force module for SNMP Community Strings : version 1.0.0
    + telnet.mod : Brute force module for telnet sessions : version 1.2.2
    + vmauthd.mod : Brute force module for the VMware Authentication Daemon : version 1.0.1
    + vnc.mod : Brute force module for VNC sessions : version 1.0.1
    + web-form.mod : Brute force module for web forms : version 1.0.0
    + wrapper.mod : Generic Wrapper Module : version 1.0.1


root@bt:/#

There's no ssh.mod file.

Am I missing something that I should be doing?

[Archangel-Amael]

I am pretty sure there are a couple threads already on this.

[purehate]

This is fixed for final.

[hhmatt]

I am pretty sure there are a couple threads already on this.

Yes there is. I've read through all of them and found no answer that wouldn't "break" the repository for hydra. I was mainly posting because medusa doesn't have the ssh.mod so I was looking for an alternative option to both hydra and medusa for ssh. I found only a handful of posts about medusa and ssh on RE forums and found only 1 that pertained to this situation, and that had no responces. It looked like just an informant thread.

Just trying to figure out my options, and didn't want to thread hijack.

This is fixed for final.

Thanks for the info. Just out of curiosity. Will this be an apt-get type update or require reinstallation?

***EDIT***

Hydra is fixed now. Just do:

Code:

apt-get dist-upgrade

or if you're not running as root.

Code:

sudo apt-get dist-upgrade

Medusa still kicking up an error but it can be tracked via this thread:
http://forums.remote-exploit.org/bac...tml#post166390