Servers are often more secure than regular computers, as system administrators want to protect the data from these. In today's world, few system administrators sit in front of a server and use a physical terminal. Instead, the servers are remotely controlled via a system called SSH in port 22 (Secure SHell).


However, like any system, it has its flaws. In this tutorial we will not use the vulnerability, or bug in the system. Instead, we will use the EFFECTIVE method (given enough time), to coercively force it.


I’ll assume you all know what coercion is wrong, so I won’t go into details there. However, some may not know what THC-Hydra is. THC-Hydra is a password cracking program, intended to be fast and efficient. We will use THC-Hydra to force the SSH password, to access the system.


Hydra (CLS - Command Line )

Step 1 :-  The first step, as always, Install The hydra Tool you Android Termux , Any Linux OS
How To Install Hydra on Termux & Linux click hear



Step 2 :-  Hydra is a compatible login cracker that supports multiple agreements to be attacked. It is a very fast, flexible, and new module that is easy to put into attack. This tool makes it easy for the researcher and security guard to demonstrate how easily it can be accessed from unauthorized access to the system remotely. We use the following method to terminate the login.

Now that we know that SSH is open on our target, let's crack it. The command for this is:

hydra -L (LOG USER NAME / WORDLIST.txt) -P (WORDLIST password.txt) (TARGET'S IP) ssh


hydra -L user.txt -P password.txt 192.168.0.8 ssh

Where [- L] parameter is used to provide the username list and [- P] parameter used to provide the password list. Once the commands are executed it will start applying the dictionary attack and you will get the right username and password. After a few minutes, hydra cracks the credential, as we can observe that we had successfully grabbed the username as “shubh” and password as “123”.



Step 3 :- Let me read it! Checking the command, we see that THC-Hydra has found a valid user password.


Hydra (GUI - Graphical User Interface )

Step 1 :-  It is a GUI version of Hydra; can be used to crack passwords offline and offline. It has all the features and benefits of Hydra in GUI form. Let's start the attack by opening the tool. After you open this tool on the target, it will ask us about the target, the number of the service tab, the name of the protocol service, and any other specific options we want in our attack.

321

When we fill in the details on the targeted tab, we need to switch to the password tab, where we need to fill in or browse the username and password in the attack list. There are other additional options available in the tab such as Try to sign in as a password, try an empty password, and then try a changed sign in.


When we fill in the details required for an attack, we need to change the tab to start the attack on the victim's server



As we see that we are breaking the truth with our attacks.