Get SSH username & Password For Any Server easily with Brute Force Attack

Get SSH username & Password For Any Server easily with Brute Force Attack

Hello friends how are you today? I hope you are doing great and hacking stuff that you don’t know 😀 . So guys in this article we will be walking about Brute Force SSH and how you can do it in Kali Linux. This tutorial is going to be really simple and will be explaining everything that you need to know.

And for all those BugBounty Hunting guys out there  I wanted to tell you that it is a valid bug report as many of the Researchers don’t pay much attention to this try of attacks and never report these so if you are reading out this do remember to check for the issue and make a report :).

What is SSH?

SSH is an acronym which stands for Secure Shell, which provides a secure shell access to a remote machine. This allow people to connect to a local and remote computer, and it comes readily installed in Linux/UNIX and it can be installed on Windows machine too. SSH also refers to the suite of utilities that implement the protocol or cryptogr1aphic network protocol.

Use of SSH?

SSH provides strong authentication and secures encrypted data communications between two computers connecting over an insecure network such as the Internet. It is used by all of the system and server administrators to connect to the remote machines and execute system commands, move, create and edit different files on the remote machine.

It uses RSA encryption algorithm which create an unbreakable tunnel between the client computer and to the remote computer and as we all know that nothing is unbreakable 😛 .

What is Brute Force:-

The above picture totally explains what Brute Force attack is :D. But let us take an other look and explain it in a much better way for you to understand.

Brute force attacks work by testing every possible combination that could be used as the password by the user and then testing it to see if it is the correct password. To see if the password is correct or not it check for any errors in the response from the server.

As the password’s length increases, the amount of time used to find the correct password also rapidly increases. That mean that short passwords are fairly easy to crack.

Also check out this:

Brute Force Website Login Page using Burpsuite

Brute Force Recommended Method:-

So in many cases, it is recommended to use dictionary attack to brute force the correct password. In this method we provide the tools with the list of possible passwords to use against the target system until it get the correct password for the user.

This works if the user is using weak password like “123456” or “password”  which is a not the case now a days but still some people do use passwords like this and there is a saying that:-

There is no fix for human stupidity.

So you can still find many people using these password combinations. may be your best friend is use it 😀 you never know.

This picture truly describe how brute force attack really work you try until it works.

Also Read: How To Setup Network Wide Ads Blocking

Brute Force SSH:-

So now you know what brute force attack is, let’s proceed to the next step. During this article, we will be using a dictionary attack to get the username and password for the remote ssh user.

In order to perform this attack, you will need a wordlist which has a good combination of words and commonly used password and the tools that we will try different combinations with each password.


A good resource for wordlists can be found over here PacketStorm.

There is also another way of creating your own wordlist like if you know the victim you can use there information such as his/her name, date of birth, parents name, children, pets and other information related to the victim and could be used against them.

An example of the password that might be like this “david0512” where david is there dads name, 05 the month 12 year of there birth.

A good program that allows you to compile this data into a wordlist is Ex0dus_0x’s D0xk1t, which you can find here.

You can also download other Wordlists from here:-


And if you are using Kali Linux then you can also find the default wordlist here:-


Scanning For SSH servers using NMAP:-

After setting up your attacking tools the next step to take after that is to find a server which is running SSH. What we can do to find that is use NMAP to scan for open port 22 as SSH services listen on port 22.

For finding the server running SSH locally we are going to scan the entire network here is the NMAP command that you can use to scan all the computers.

nmap -p22

Running On Remote Server:-

Now if we want to test the attack on a remote server then you will have to scan the server for open ports like SSH service here is how you can scan the remote server using NMAP.

nmap <target> -p22

How to Brute force SSH:-

So after all that talk I hope that you are bored to death 😀 😀 this is the part all of us were waiting for (including me :p) so now I will be talking about the tools that we will be using to perform the brute force attack.

Installing Hydra:-

So the first tools we will take a look at the most commonly and powerful tool Hydra. If you are using Kali  Linux you will already have access to this tool. It have to versions, GUI and command line we will take a look at both.

Here is how you can get it installed on most Debian Linux.

sudo apt-get install hydra hydra-gtk

Hydra 8.0

This can be installed with the Launchpad repository ppa:pi-rho/security

sudo add-apt-repository ppa:pi-rho/security

sudo apt-get update

sudo apt-get install hydra

Alternative Method :-

The alternative method that you can use to install this tool is this:-

wget tar -xvzf hydra-8.3.tar.gz cd hydra-8.3 ./configure make make install

Now you can use the tool to perform the attack.

Here is the command that you will use to use Hydra.

[email protected]:~/Desktop# hydra -l root -P '/root/Desktop/500-worst-passwords.txt' ssh

As you can see that Hydra have successfully cracked the password and you can use it to login to the system.

Here is the video explaning all the steps.


The second tool that we will use is called NCrack it is also included in Kali Linux and you can also install it on other Debian Distro

tar -xvzf ncrack-0.5.tar.gz
cd ncrack-0.5
make install

This will install NCrack on your system and then you can run it to crack the ssh password.

[email protected]:~/Desktop# ncrack -p 22 --user root -P '/root/Desktop/500-worst-passwords.txt'

Successfully found the password with NCrack! Here is the Video of the steps .


This is the last tool which can be used to brute force the login you can install it by following these steps:-

tar -xvzf medusa-2.0.tar.gz
cd medusa-2.0
make install

Here is the command that is used to crack the password:-

[email protected]:~/Desktop# medusa -u root -P '/root/Desktop/500-worst-passwords.txt' -h -M ssh

Success full attack 🙂 here is the video covering all the steps.

How to Protect from this attack?

The most recommended methods that you should use to protect from this attack are:-

  • Run SSH on non-standard port.(Other then 22)
  • Block SSH login for root user.
  • Use Fail2Ban. (Will cover in future post)
  • Limit user login attempts.

What we Learned !!!!

So what did we learned from all this? Never use weak password 😀 seriously never use weak passwords.

And on the other hand, we have learned how you can use different tools to test and exploit this issue.

I hope that you have enjoyed the article and if you have any problem do let us know in the comments section below we will gladly help and resolve your issue.


  1. Definitely believe that which you stated. Your favorite justification appeared to be on the
    net the easiest thing to be aware of. I say to you, I certainly get annoyed while people think about worries that they
    plainly do not know about. You managed to hit the nail upon the top and defined out the whole thing without having side-effects , people can take a signal.
    Will probably be back to get more. Thanks


Please enter your comment!
Please enter your name here