In today’s world, securing systems against unauthorized access is critical, and one of the most common methods hackers use to break into systems is through password cracking. SSH (Secure Shell) is a widely used protocol that allows users to remotely connect to servers, making it a common target for password attacks. As a penetration tester or ethical hacker, learning how to crack SSH passwords enables you to identify weaknesses in authentication methods and ensure systems are adequately protected.
One of the most popular tools for password cracking is Hydra, known for its versatility and speed. Hydra can be used to crack passwords for many different protocols, including SSH, HTTP, FTP, and more. In this guide, we’ll walk you through how to use Hydra in Termux, an Android terminal emulator, to crack SSH passwords. You’ll learn how to install Hydra, create password lists, and perform an ethical SSH password cracking test on a target system. By the end of this guide, you’ll understand how to use Hydra for password cracking and how to prevent these kinds of attacks on your own systems.
Table of Contents
Prerequisites
Before we dive into the steps of cracking SSH passwords using Hydra, let’s go over the requirements. These are the basic tools and setups you’ll need to complete this tutorial:
- Termux installed: Termux is a Linux terminal emulator for Android, allowing you to run and install command-line tools. If you haven’t installed Termux yet, it’s available for download on the Google Play Store or its GitHub page.
- Hydra installed: Hydra is a password-cracking tool that doesn’t come pre-installed in Termux. We will show you how to install it step by step.
- Target SSH server: You will need a server running SSH for testing purposes. Ensure that you have permission to test the server; unauthorized access attempts are illegal and unethical.
Additionally, it’s recommended that you use Termux in a Linux-compatible environment and update your package list by running:
pkg update && pkg upgrade
Installing Hydra on Termux
Hydra is not pre-installed on Termux, so the first step is to install it. Let’s go over how to install Hydra and verify that it is working.
Update Termux packages: Before installing any new software, always ensure your system is up to date by running:
pkg update
Install Hydra: Use the following command to install Hydra:
pkg install hydra
This command will download and install Hydra, along with any necessary dependencies.
Verify Hydra installation: Once the installation is complete, verify that Hydra was installed correctly by running:
hydra -h
You should see Hydra’s help page with a list of commands and options, confirming that it is ready to use.
Hydra is now installed and operational, ready for SSH password cracking and other testing protocols.
SSH Password Cracking with Hydra
Now that Hydra is installed, let’s dive into using it to perform an SSH password cracking attack. The goal here is to attempt to find the correct password for a specific user on an SSH server by trying multiple passwords from a wordlist.
The basic syntax for using Hydra to crack SSH passwords is:
hydra -l <username> -P <password_list> <target> ssh
-l <username>
: This specifies the username for the account you are trying to access (for example,admin
).-P <password_list>
: This option specifies the path to the file containing a list of potential passwords (often called a “wordlist”).<target>
: This is the IP address or domain name of the SSH server you are attacking.ssh
: This tells Hydra that you are attacking an SSH service.
Example Command:
Suppose you want to test an SSH server running at 192.168.1.1
for the user admin
, using a wordlist file named passwords.txt
. The command would be:
hydra -l admin -P passwords.txt 192.168.1.1 ssh
Hydra will then begin trying each password in the passwords.txt
file for the admin
account on the target SSH server.
Creating a Password List for Cracking
In most password-cracking attacks, you’ll need a wordlist that contains potential passwords. Hydra will try each password in the wordlist until it finds the correct one, or until all options have been exhausted.
If you don’t have a wordlist, you can create one. Here’s how to create a simple wordlist file in Termux:
echo -e "password123\nadmin\nletmein\n123456\npassword\nqwerty" > passwords.txt
This command creates a file named passwords.txt
that contains six common passwords, one on each line. This basic list is useful for testing, but in real-world scenarios, penetration testers often use larger wordlists that include thousands or millions of passwords.
Contents of passwords.txt
:
password123
admin
letmein
123456
password
qwerty
There are many publicly available wordlists you can use, such as those found in the SecLists project on GitHub. However, for testing purposes, this simple list will suffice.
Running Hydra to Crack SSH Passwords
Once you’ve set up your password list, you can run Hydra to attempt the SSH password cracking. Here’s an example using the command structure mentioned earlier:
hydra -l admin -P passwords.txt 192.168.1.1 ssh
Hydra will then attempt to log in to the SSH server at 192.168.1.1
using the username admin
and each password from the wordlist in sequence.
Sample Output:
Hydra v9.1 (c) 2021 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes.
[DATA] attacking ssh://192.168.1.1:22/
[DATA] 4 tasks, 1 server, 6 login tries (l:1/p:6), ~1 try per task
[22][ssh] host: 192.168.1.1 login: admin password: password123
[STATUS] attack finished for 192.168.1.1 (valid pair found)
Explanation:
Hydra successfully found the correct password (password123
) for the admin
user. This output shows the IP address of the SSH server, the username (admin
), and the password that worked. The attack ends when Hydra finds a valid login combination or runs out of password options to try.
Ethical Use and Security Measures
Password cracking is a powerful technique, but it must always be used responsibly. It’s illegal to perform brute-force attacks on systems without explicit permission from the system owner. Hydra is designed for ethical hacking and penetration testing, and should only be used in environments where you have the authorization to test security.
To protect your own systems from these types of attacks, consider the following security measures:
- Disable password-based SSH logins and use key-based authentication instead.
- Enforce strong password policies to make it more difficult for attackers to guess or crack passwords.
- Limit the number of failed login attempts and use tools like Fail2Ban to block IP addresses that attempt brute-force attacks.
For more information on securing your SSH server, check out our article on SSH security best practices, which covers key-based authentication, firewalls, and other important security measures.
Conclusion
In this guide, we’ve walked through the steps of using Hydra in Termux to perform SSH password cracking. We covered everything from installing Hydra, creating password lists, and executing brute-force attacks on an SSH server. Always remember to practice ethical hacking by obtaining permission before testing systems, and use these techniques to improve the security of your own servers.
If you want to learn more about ethical hacking or other penetration testing techniques with Termux, check out our collection of Termux tutorials for more advanced topics.
Ethical Hacking Archive
Welcome to the Termux Ethical Hacking Archive. This dedicated archive is your go-to resource for everything related to ethical hacking using Termux, a powerful terminal emulator for Android. Whether you’re a beginner or looking to deepen your expertise, this archive provides a complete collection of articles to guide you through the essential aspects of ethical hacking with Termux.