SSH Hacking Complete
Loading...
Uploaded by boriddlin on Aug 8, 2008
Shell Script does the work on Linux to hack into a ssh account!
Link to this comment:
Uploader Comments (boriddlin)
All Comments (30)
-
why did you put that shit in the background
-
Ever heard of denyhosts? I hope your "dictionary" has the right guess in the first 3 attempts.
-
LOL 3 line dictionary
-
log simply extracting password from dictionary. if password is not based on dictionary word, then this SHOULD FAIL. No use.
-
@bgreenall01 Perhaps the best theoretical way an SSH account could be cracked would be to have a dict with EVERY password in it, divide up that dictionary 1000 times and using "grid-computing" to divide up the process between a thousand servers working on their own piece you would need to best testing about 1.15 million keys per server per sec to crack it in one year or less. This would likely just lead to a massive denial of service / FBI raid on your server farm.
-
Looking at this from a "keys per second" perspective this isn't very effective. Most SSH servers worth cracking into have user passwords with a force-change of password every two weeks - two months. You tried 2 keys/sec. In a typical 10 character password using only lower case lettering and 0-9 you have 36 characters. 36 characters^10 = 3,656,158,440,062,976 possibilities. If the password used is truly random and you run this script, you'll crack it in about 57929524.37 years.
-
Yeahhhh, I'm not buying this... FYI, RAP SUCKS!
-
@boriddlin again, you're wrong. this is not bruteforcing, this is a dictionary attack. they are completely different things.
i don't need to try the script because if i wanted to do what you did, hydra does a better job of it.
-
@boriddlin actually, 4 IS true. and so is 2. on all my boxes i admin, i run bruteforce detectors that parse ssh attempt logs and add an iptables DROP rule for any source ip that fails after X# of failed attempts. opening a new socket wouldn't help if you're coming from the same source.
-
sdghsdgdsgdg
Hello boys. This is a computer. COM PU TER. dsghsgsdg you should learn this firstly. After that you can hack some computer.
4:04Cracking SSH Loginsby linuxstyles29,311 views
- 6:41HACK FTP IN 10 minby CarDevil2007173,134 views
- 1:48Putty SSH Connection Tutorial Complete (credits...by ChRiStIaAn00810,503 views
- 3:28Bypassing Firewalls Using SSH Tunnelingby superprotocol38,951 views
- 2:25Getting root password using hydra commandby PHLWUGdotORG31,952 views
- 8:15Facebook Hack *bruteforce*by MegaExploits36,213 views
- 6:36Open Carry Vs Gun Controlby Avisualrecord20,842 views
- 4:19Card sharing on a satellite receiverby sattvmaniacom36,149 views
- 3:21Telnet Bruteforceby navrax29,838 views
- 2:14HACK SMTPby moneyprestige13,614 views
- 2:00Hack passwd linuxby hautp23,508 views
- 9:58Bypass ANY Firewall/Hide Traffic - SSH (Part 2 ...by mushroomHEADBANGERS18,001 views
- 9:38Linux From SCRIPT, LFS the easy way...by marcelvdboer15,567 views
- 2:44HYDRA Bruteforce SSH on OVH Server (HD)by bricowifi10,661 views
- 1:47Sniffing Logins and Passwords! C00L!!by Pr0LiFyCk116,147 views
- 7:40Korn Shell Tutorial 1 - print statements and co...by bjamesm706,399 views
- 0:24Truss to find ssh passwordby xmlisnotaprotocol4,997 views
- 1:33How to Login to SSHby robgraphics4,301 views
- 4:09PPSS Parallel Processing Shell Script demonstra...by louwrentius5,793 views
Several problems:
1) What are the chances that the person's passwd is gonna be a dictionary word?
2) Even if it is, the host would disconnect you after a few tries down the list.
3) This only works if the victim is running ssh, with an open firewall, without specifying a source IP address.
4) This would take forever in real life.
5) The victim would have to be running *nix.
6) You should spend your time doing something else, like getting a life.
kannelal 2 years ago 12
1) There are thousands of password dictionaries out there - try one!
2) This program connects only once each attempt - a fresh connection!
3) There are hosts with ssh running openly out there - scan for one
4) Not true
5) Everyone runs unix linux
6) The Government took my pills awway...
boriddlin 2 years ago 12
This is just silly. That script will no more crack ssh than flapping your arms will cause you to fly.
His box's password is item 3 in his dictionary. A real dictionary attack will never find a reasonable password because reasonable passwords won't be in his dictionary.
Additionally, properly configured systems only allow a couple of failed guesses before locking out the attacker's IP, so even if he tried brute-forcing the password, it would be a short-lived and futile attempt.
SergeyRozhenoko 2 years ago 4
Actually, I disagree. This is brute forcing - there fore password guessing - at its finest.
It only connects once - so repeated password attempts will not be logged.
If all else fails - why the hell not try this script?
boriddlin 2 years ago