Results 1 to 4 of 4

Thread: SSH Brute Force

Hybrid View

  1. #1
    Very good friend of the forum hhmatt's Avatar
    Join Date
    Jan 2010
    Posts
    660

    Default SSH Brute Force

    Running bt4 pre-final kernel update 2.6.30.9
    Just wondering if I have any alternatives or options for ssh brute force.
    In Hydra I get:
    Code:
    error: Compiled without LIBSSH support, module not available!
    I've already found the quick fixes for these but was warned about reinstalling from source would make repo updates for it unusable.

    So I decided to give medusa a shot.

    Code:
    root@bt:/# medusa -d
    Medusa v1.5 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks <jmk@foofus.net>
    
      Available modules in "." :
    
      Available modules in "/usr/lib/medusa/modules" :
        + cvs.mod : Brute force module for CVS sessions : version 1.0.0
        + ftp.mod : Brute force module for FTP/FTPS sessions : version 1.3.0
        + http.mod : Brute force module for HTTP : version 1.3.0
        + imap.mod : Brute force module for IMAP sessions : version 1.2.0
        + mssql.mod : Brute force module for M$-SQL sessions : version 1.1.1
        + mysql.mod : Brute force module for MySQL sessions : version 1.2
        + nntp.mod : Brute force module for NNTP sessions : version 1.0.0
        + pcanywhere.mod : Brute force module for PcAnywhere sessions : version 1.0.2
        + pop3.mod : Brute force module for POP3 sessions : version 1.2
        + rexec.mod : Brute force module for REXEC sessions : version 1.1.1
        + rlogin.mod : Brute force module for RLOGIN sessions : version 1.0.2
        + rsh.mod : Brute force module for RSH sessions : version 1.0.1
        + smbnt.mod : Brute force module for SMB (LM/NTLM/LMv2/NTLMv2) sessions : version 1.5
        + smtp-vrfy.mod : Brute force module for enumerating accounts via SMTP VRFY : version 1.0.0
        + smtp.mod : Brute force module for SMTP Authentication with TLS : version 1.0.0
        + snmp.mod : Brute force module for SNMP Community Strings : version 1.0.0
        + telnet.mod : Brute force module for telnet sessions : version 1.2.2
        + vmauthd.mod : Brute force module for the VMware Authentication Daemon : version 1.0.1
        + vnc.mod : Brute force module for VNC sessions : version 1.0.1
        + web-form.mod : Brute force module for web forms : version 1.0.0
        + wrapper.mod : Generic Wrapper Module : version 1.0.1
    
    
    root@bt:/#
    There's no ssh.mod file.

    Am I missing something that I should be doing?

  2. #2
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    I am pretty sure there are a couple threads already on this.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  3. #3
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Default

    This is fixed for final.

  4. #4
    Very good friend of the forum hhmatt's Avatar
    Join Date
    Jan 2010
    Posts
    660

    Default

    Quote Originally Posted by archangel.amael View Post
    I am pretty sure there are a couple threads already on this.
    Yes there is. I've read through all of them and found no answer that wouldn't "break" the repository for hydra. I was mainly posting because medusa doesn't have the ssh.mod so I was looking for an alternative option to both hydra and medusa for ssh. I found only a handful of posts about medusa and ssh on RE forums and found only 1 that pertained to this situation, and that had no responces. It looked like just an informant thread.

    Just trying to figure out my options, and didn't want to thread hijack.

    Quote Originally Posted by pureh@te
    This is fixed for final.
    Thanks for the info. Just out of curiosity. Will this be an apt-get type update or require reinstallation?

    ***EDIT***

    Hydra is fixed now. Just do:
    Code:
    apt-get dist-upgrade
    or if you're not running as root.
    Code:
    sudo apt-get dist-upgrade

    Medusa still kicking up an error but it can be tracked via this thread:
    http://forums.remote-exploit.org/bac...tml#post166390

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •