unable to use hydra for ssh pen testing
i am running some penetration tests against my ssh server and hydra is preventing me from doing so. i used to be able to use hydra to pen test ssh no problem but recently i have been getting the same message like in the box below. i am wondering why it is doing this and what do i need to install or start in order for it to work in pen testing ssh
Code:
hydra -l root -P /root/Desktop/passwords.txt -vV 192.168.1.103 ssh |
Off the top of my head,
iptables/firewall limit rule/s? fail2ban? |
these are freshly installed operating systems and iptables and other types of firewalls aren't installed so the firewall is most likely not the case
|
Freshly installed or not; forgetting Hydra for a moment, can you ssh root@target.host from the pentest machine to the target?
I recall a fresh install of CENT that dropped all traffic which was not expressly allowed with an ICMP 'destination unreachable'. |
yes i am able to ssh into the machine as root
|
Good,
So is it doing its default 16 threads and getting no response to all of them, or gagging at 16 threads? Anything in /var/log/auth or equivalent? If you are 100% sure that you can SSH to the machine from the pentest host, and that you have no rate control protection biting then I'd check: Right version of SSH being specified (2)? MaxAuthTries in sshd_config??? Other than that I'd TCPDump the client and look to see what is happening at a packet level and see if it sheds any light on it. |
just fixed it (kinda when it went to the actual password on the list for root it skipped it) but overall it's something. instead of doing it like the way i was doing i instead put the command in like this
Code:
hydra <ip address> ssh -vV -L <login list> -P <password list> -e s -t 10 Code:
hydra -L <login list> -P <password list> -vV <ip address> telnet |
Glad you got it working.
Nobody uses telnet? Are you serious? Probably half of the worlds SOHO gateway / routers use telnet. It's one of the easiest ways in to small networks (and even some Cisco devices)! Hydra is probably the worlds #1 for getting into them. |
All times are GMT -5. The time now is 11:41 AM. |