• Join CraxPro and earn real money through our Credit Rewards System. Participate and redeem credits for Bitcoin/USDT. Start earning today!
    Read the detailed thread here

Hack SSH server with Xhydra

Currently reading:
 Hack SSH server with Xhydra

Loading....

Member
LV
1
Joined
Jul 23, 2023
Threads
14
Likes
5
Awards
4
Credits
1,617©
Cash
0$
What are THC Hydra and Xhydra?
THC Hydra is a password cracking utility that comes pre-installed in Kali Linux. Xhydra is a version of the same password cracking tool, but with a graphical user interface, which is more convenient for beginners.

Unlike John the Ripper, it is a standalone tool for password cracking.

Types of attacks that THC Hydra can perform:

Parallel dictionary attacks (16 threads are used by default, but can be increased as needed)
Brute force/hybrid attacks for password cracking
The ability to add wordlists and default passwords for cracking
Attack process management - detection with IPS (Intrusion Prevention System)
Parallel attack on different servers simultaneously
Cracking passwords with THC Hydra
Finding the target
To crack the target system, you first need to find open ports on the system. So, let's conduct an nmap scan to find open ports and services on the target system.

To do this, enter the following

nmap -T4 -F 192.168.182.138

Make sure you replace the IP address with your target IP address. As you can see, you will get a list of all the services running on the system. In our case, we will "crack" the ssh service on port 22, as shown below. Note that you need the service name, port, and target IP address for this attack to work.

Setting up Xhydra
Enter "xhydra" in the Kali Linux terminal. A version of Hydra with a graphical interface will open, as shown in the figure.

Now you need to fill in the following settings on each panel

On the target panel, select the target as well as the service and port number you want to crack.

On the password panel, select a list of usernames and passwords to crack. Be sure to select the last 3 options. These are possible options: login as password, empty password, and reverse login.

The setup panel is used to control the number of attempts and the use of proxies during the attack. For example, you can be anonymous using a proxy.

The starting panel is used to start and stop the attack.

Filling in information
Now you need to fill in all the panels in step 2 with the information we gathered in step 1. After the necessary information has been filled in, the panels will look like this:

Target panel

Password panel

Setup panel

Starting the attack
After you have completed step 3, you can start the attack to crack the SSH service on the server.

Click "Start" and the attack will begin. As you can see, the Linux server was easily hacked and the passwords are displayed below

Now, using the same method, you can crack many other protocols. Just replace the protocol you want to hack.

Using the server with the credentials
Now that you have the login and password for the SSH server, let's log into the hacked server and see what we can do.

To log into the exploited system, enter the following command in the Kali Linux terminal

ssh 192.168.182.138 -l msfadmin

Replace the IP address and username with those you found in step 4.

To get more information about ssh, simply enter

ssh -h

Now that you have successfully logged into the system, you will see something like this.

You have successfully hacked the server running SSH.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Tips

Similar threads

Top Bottom