Sunday, December 27, 2015

Dictionary SSH Hack.


Disclaimer.

This is a technologically advanced article about hacking an SSH password by writing an SSH client with a Java library.

To understand this article, one has to know a little about programming (preferably in Java) and a little about SSH.


Dangers.

This method can be used to obtain the root password of vulnerable systems, thus taking over computers.

... the process of obtaining the root password and installing a rootkit can be automated as well.


Potentially vulnerable systems can be found using web crawler software that scans for open ports, like nmap does, looking for port 22.

Not every SSH server allows root login, but there's still the danger of escalating access privileges with other hacks.

Also, not every SSH server runs on port 22.


C0de.


... this time I did a dictionary attack on an SSH password.

... c0de is available for download here.

(It requires the JSch library and its dependencies.)


Alternatively, a standard SSH client can be used ... with a script that performs many hack attempts in a loop by executing the SSH client many times.


Why does IP address spoofing not work with SSH hacks?

... because the SSH service requires two-way communication.

The client sends requests and awaits responses from the server.

Without 'knowing' the source IP address, the response can't be sent to the proper computer (the SSH client).

It's possible, however, to attack from a 'proxy' server, or from a different machine with a different IP address controlled by a hacker, to bypass an IP block or to misdirect.


TOR Anonymity for a SSH Hack.

It's still possible to perform an 'Anonymous SSH Hack' using 'The Onion Router', for example.
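
On the server side, the attempts described in this post appear as "Failed password" lines in the sshd log. The Python below is an added example, not code from the original post: it flags sources with a burst of failures and also accounts that fail from several sources at once, which is the proxy and Tor case above where a per-IP block is bypassed. The sample log lines, host name, year and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# OpenSSH "Failed password" syslog lines, including the "invalid user" variant.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")

def parse(lines, year=2015):
    """Yield (time, user, ip) per failed attempt; syslog omits the year, so it is assumed."""
    for line in lines:
        m = FAILED.match(line)
        if m:
            yield datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"), m["user"], m["ip"]

def detect(lines, window=timedelta(minutes=5), per_ip=5, per_user_ips=3):
    """Return (noisy_ips, sprayed_users); thresholds are illustrative assumptions.

    noisy_ips: sources with at least per_ip failures inside one window.
    sprayed_users: accounts failing from at least per_user_ips distinct sources
    inside one window, which per-IP blocking alone does not catch.
    """
    by_ip, by_user = defaultdict(list), defaultdict(list)
    for ts, user, ip in sorted(parse(lines)):
        by_ip[ip].append(ts)
        by_user[user].append((ts, ip))
    noisy = {ip for ip, t in by_ip.items()
             if any(t[i + per_ip - 1] - t[i] <= window for i in range(len(t) - per_ip + 1))}
    sprayed = set()
    for user, ev in by_user.items():
        for start, _ in ev:
            sources = {ip for ts, ip in ev if start <= ts <= start + window}
            if len(sources) >= per_user_ips:
                sprayed.add(user)
                break
    return noisy, sprayed

# Constructed sample log (documentation-range addresses, hypothetical host "srv").
SAMPLE = (
    [f"Dec 27 10:00:{s:02d} srv sshd[411]: Failed password for root from 203.0.113.5 port 40000 ssh2"
     for s in range(0, 60, 10)]
    + [f"Dec 27 10:0{i}:30 srv sshd[412]: Failed password for invalid user admin from 198.51.100.{i} port 40001 ssh2"
       for i in (1, 2, 3)]
    + ["Dec 27 10:04:00 srv sshd[413]: Failed password for alice from 192.0.2.9 port 40002 ssh2",
       "Dec 27 10:05:00 srv sshd[414]: Accepted password for alice from 192.0.2.9 port 40003 ssh2"]
)

if __name__ == "__main__":
    print(detect(SAMPLE))
```
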
