HowTo Linux Security

Hack SSH Server with Nmap and Hydra – Pentest guide

Hello guys, this time I’m going to tell you how to hack SSH Server connection with Nmap and Hydra.
Before we get started, let me remind of something: These penetration testing tutorials are only meant for educational purposes. Harming anyone elses machines but your own, is illegal.

Hack SSH Server with Nmap and Hydra

Requirements for this tutorial:

  • Hydra
  • Nmap
  • Wordlist
  • Your own machine or virtual environment to test on

The first three are found in Kali Linux, you can use that if you’d like, I’m using Debian with Nmap and Hydra installed.

Now lets get started with scanning the entire local network. We need to find SSH Server with root login allowed on port 22. We will save all on a file called “ssh.txt”
nmap -p22 -PN -sV -oG ssh.txt -open
This will scan your entire local networks SSH servers with port 22 open. I’m not going to show the output, because I will be using Debian server installed on VMWare.
You can scan almost anything with Nmap, just learn to use it first, type nmap -h on terminal to see all the commands and their meanings.

Now let’s get to the cracking with Hydra.
When we have the IP Address or list of ip addresses we want to test, we can start the password testing.
We are going to test login root with the list of passwords and IP’s on port 22.
hydra -l root -M /path/to/ip/list.txt -P /path/to/passwordlist.txt ssh

If you succeed the output on terminal will look similar to this image.
hack ssh server

Congrats, you have learned how to penetrate your ssh server.

Summary for “Hack SSH Server with Nmap and Hydra”

Thank you for reading my entire post! 🙂 Be sure to follow me on social medias to get more awesome posts to read! And please share if you liked my post!

You might also like these:
How to get free bitcoins – Up to 200 usd in BTC per hour!
25 Reasons to use Linux
Cheap Europe VPS – As low as 1 euro a month
How to install Kali Linux on VMWare Player

Leave a Reply

Your email address will not be published. Required fields are marked *