LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   unable to use hydra for ssh pen testing (https://www.linuxquestions.org/questions/linux-security-4/unable-to-use-hydra-for-ssh-pen-testing-921903/)

baronobeefdip 01-03-2012 10:07 PM
unable to use hydra for ssh pen testing
 
i am running some penetration tests against my ssh server and hydra is preventing me from doing so. i used to be able to use hydra to pen test ssh no problem but recently i have been getting the same message like in the box below. i am wondering why it is doing this and what do i need to install or start in order for it to work in pen testing ssh
Code:
hydra -l root -P /root/Desktop/passwords.txt -vV 192.168.1.103 ssh
Hydra v7.1 (c)2011 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2012-01-03 22:07:11
WARNING: Restorefile (./hydra.restore) from a previous session found, to prevent overwriting, you have 10 seconds to abort...
[DATA] 16 tasks, 1 server, 27 login tries (l:1/p:27), ~1 try per task
[DATA] attacking service ssh on port 22
[VERBOSE] Resolving addresses ... done
[ATTEMPT] target 192.168.1.103 - login "root" - pass "vdfsdr" - 1 of 27 [child 0]
[ATTEMPT] target 192.168.1.103 - login "root" - pass "vsvdsdfv" - 2 of 27 [child 1]
[ATTEMPT] target 192.168.1.103 - login "root" - pass "svfdsdfvfdsv" - 3 of 27 [child 2]
[ATTEMPT] target 192.168.1.103 - login "root" - pass "vdfvdf" - 4 of 27 [child 3]
[ATTEMPT] target 192.168.1.103 - login "root" - pass "vdfvdsfv" - 5 of 27 [child 4]
[ATTEMPT] target 192.168.1.103 - login "root" - pass "vffdvfdghngh" - 6 of 27 [child 5]
[ATTEMPT] target 192.168.1.103 - login "root" - pass "nghndfgnbg" - 7 of 27 [child 6]
[ATTEMPT] target 192.168.1.103 - login "root" - pass "bgfbdgfb" - 8 of 27 [child 7]
[ATTEMPT] target 192.168.1.103 - login "root" - pass "root" - 9 of 27 [child 8]
[ATTEMPT] target 192.168.1.103 - login "root" - pass "vsffdgvsdfv" - 10 of 27 [child 9]
[ATTEMPT] target 192.168.1.103 - login "root" - pass "fdvsdfvfs" - 11 of 27 [child 10]
[ATTEMPT] target 192.168.1.103 - login "root" - pass "herbie" - 12 of 27 [child 11]
[ATTEMPT] target 192.168.1.103 - login "root" - pass "vdfsvsdf" - 13 of 27 [child 12]
[ATTEMPT] target 192.168.1.103 - login "root" - pass "vfsdvfsdv" - 14 of 27 [child 13]
[ATTEMPT] target 192.168.1.103 - login "root" - pass "vfdvdfv" - 15 of 27 [child 14]
[ATTEMPT] target 192.168.1.103 - login "root" - pass "vdsfv" - 16 of 27 [child 15]
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
Error: could not connect to target port 22
^C[ERROR] Received signal 2, going down ...
[VERBOSE] Writing restore file... done
The session file ./hydra.restore was written. Type "hydra -R" to resume session.

fukawi1 01-03-2012 11:08 PM
Off the top of my head,
iptables/firewall limit rule/s?
fail2ban?

baronobeefdip 01-03-2012 11:33 PM
these are freshly installed operating systems and iptables and other types of firewalls aren't installed so the firewall is most likely not the case

leslie_jones 01-04-2012 01:34 AM
Freshly installed or not; forgetting Hydra for a moment, can you ssh root@target.host from the pentest machine to the target?
I recall a fresh install of CENT that dropped all traffic which was not expressly allowed with an ICMP 'destination unreachable'.

baronobeefdip 01-04-2012 10:25 AM
yes i am able to ssh into the machine as root

leslie_jones 01-04-2012 10:44 AM
Good,

So is it doing its default 16 threads and getting no response to all of them, or gagging at 16 threads?
Anything in /var/log/auth or equivalent?

If you are 100% sure that you can SSH to the machine from the pentest host,
and that you have no rate control protection biting then I'd check:

Right version of SSH being specified (2)?
MaxAuthTries in sshd_config???

Other than that I'd TCPDump the client and look to see what is happening at a packet level and see if it sheds any light on it.

baronobeefdip 01-04-2012 07:50 PM
just fixed it (kinda when it went to the actual password on the list for root it skipped it) but overall it's something. instead of doing it like the way i was doing i instead put the command in like this
Code:
hydra <ip address> ssh -vV -L <login list> -P <password list> -e s -t 10
for telnet (which is less secure and nobody uses it anyway) i put this one in
Code:
hydra -L <login list> -P <password list> -vV <ip address> telnet

leslie_jones 01-05-2012 12:53 AM
Glad you got it working.

Nobody uses telnet? Are you serious? Probably half of the worlds SOHO gateway / routers use telnet. It's one of the easiest ways in to small networks (and even some Cisco devices)! Hydra is probably the worlds #1 for getting into them.


All times are GMT -5. The time now is 11:41 AM.