AttackNmapPassword Cracking

How to Crack SSH Password with Brute Force Attack

Password Cracking:SSH for Brute force

In this article, we will learn how to get control of a victim’s PC via SSH Port. There are many ways we can crack the SSH port password. Let’s take a moment to read all of that because sometimes different situations require a different scale.


Secure Shell is one of the most common network protocols, often used to remotely operate devices on an encrypted network. However, SSH tends to force a password. Key-based authentication is highly secure, and private keys can be encrypted for added security. But even that does not prevent characters as SSH secret key passwords can be hacked using Brute force Attack.

Also Read : How to Find Out Someone’s IP Address from Telegram

Also Read : How to Hack Instagram with BruteForce Hacking Tool

Bruteforce is one of the oldest robberies, and it is one of the simplest automatic attack methods that requires little knowledge and intervention. This attack involves multiple attempts to log in using the same username and passwords. This attack can be prevented by blocking users more than X number of attempts per minute. Usually when the attacker already knows this username, in this tutorial we will assume we know the username, we will crack the password using different tools.

Top 6 Ways to Cracking SSH Password


Navigation of Contents :-


Also Read : How to Install Burpsuite on Linux & Android Termux Devices

Cracking SSH Password


Run Termux :

Fast Install Linux Your Termux Your Android Devices read this Post & Articles how to Install Linux Termux App. Using Termux Linux & Using Linux Installation Commands Step by Step

Also Read : How to Install Kali NetHunter Android Termux No Root

AIso Read : How to Install & Run Ubuntu on Android Termux No Root

Run Linux:


1. Metasploit

Collaboration between open source community and Rapid 7. Helps security teams do more than verify risk, manage security surveillance, and improve security awareness. Brute force Attack

This module will check SSH entry on the machine list and report successful login. Once we have downloaded the website plugin and linked to the site this module will record the successful login and host that you can access.

But first, open the kali terminal and type “msfconsole” .Then follow these instructions.

 use auxiliary/scanner/ssh/ssh_login 
set rhosts
set user_file user.txt
set pass_file password.txt

From the screenshot provided, we can see that we have successfully captured the SSH password and username. In addition, Metasploit offers additional benefits by providing a command system shell in our unauthorized access to the victim system.


2. Hydra

Hydra is a compatible login cracker that supports multiple attack protocols. Fast, flexible, and new modules are easy to add to attack. This tool makes it possible for the researcher and security coordinators to show how easy it can be to obtain unauthorized access to the system remotely. We use it as follows to break login. brute force attack

hydra -L user.txt -P password.txt ssh

Where the [-L] parameter is used to provide a username list and the [-P] parameter is used to provide a password list. Once the instructions are issued it will start using the dictionary attack and you will get the correct username and password. After a few minutes, hydra breaks the identity, as we can see that we have successfully held the username “shubh” and password as “123“.

3. X-Hydra

It is a version of the Hydra GUI; can be used for both offline and online password cracking. It has all the features and benefits of Hydra in GUI form. Let’s start the attack by opening the tool. After you have opened this tool to the target, it will ask us about the target, the service port number, the protocol service name, and any other specific output options we require in our attack.

When we finish the information on the target tab, we need to switch to the password tab, where we need to fill in or browse the username and password list for the brute force attack. There are some additional options available on the tab such as Try to login as a password, try an empty password, and Try to undo the login.

When we complete the required attack details, we need to change the tab to start attacking the victim’s server.

As we see we are issuing guarantees on our attacks.

4. Medusa

Medusa is a fast, flexible, and modular tool that allows you to sign in with brutal force. Its goal is to support as many resources as possible with as much authentication as possible. Key features of this tool are web-based testing, flexible user input, Modular design, and many supported protocols. We’ll use this command to break this log.

Run the following command.

medusa -h -U user.txt -P password.txt -M ssh

When [- h] uses to provide the victim’s Internet address, [- U] defines a user list method, [- P] defines a password list method, [- M] to select an attack method. Now, the dictionary attack process will begin. Thus, we will get our victim’s username and password.


5. Patator

this tool is a multi-purpose brute-forcer, with modular design and flexible use. Patator was written due to frustration using Hydra modules, Medusa, Ncrack, Metasploit, and Nmap NSE scripts for password guess attacks. I have chosen a different way of not creating another tool that is cruelly coercive and avoid repeating the same mistakes. Patator is a multi-threaded tool written in Python, which strives for greater reliability and flexibility than its predecessors.

It is very useful to do brute force attacks on several ports like FTP, HTTP, SMB, etc.

patator ssh_login host= user=FILE0 0=user.txt password=FILE1 1=password.txt

From the screenshot provided below, we can see that the dictionary attack process is starting, and with that, you will get our victim’s username and password.


6. Ncrack

Ncrack is a network authentication tool, which helps the pen tester to determine if the protections securing network access are at risk. This tool is part of the Kali Linux arsenal and comes pre-packaged with its own package. It also has a unique feature of multi-target attacks at one time, which is less noticeable on these tools. Launch the following command to run port 22 with Ncrack.

crack -U user.txt -P password.txt

When [- U] helps us to provide a list of users, [- P] helps us to provide a password list, and [-p] will help us provide the victim’s port number. We see that we have successfully violated SSH verification. Brute force Attack


Also Read : How to Hack Android Phone Screen Mirror Live Activity

Also Read : Trace Phone Numbers With PhoneInfoga in Termux & Linux


Hello, I'm SUMAN from India. I’m currently working on Cyber Ethical Hacking. I’m currently learning more about Hacking, Web Design, Android ROM, Mod Hacking App
Notify of
Inline Feedbacks
View all comments
Back to top button
Would love your thoughts, please comment.x