How Hackers Could Brute-Force SSH Credentials to Gain Access to Servers

Рет қаралды 188,270

Күн бұрын

Earn $$. Learn What You Need to Get Certified (90% Off): nulb.app/cwlshop
Three Ways Hackers Can Hack into SSH Servers
Full Tutorial: nulb.app/z4ikd
Subscribe to Null Byte: goo.gl/J6wEnH
Kody's Twitter: / kodykinzie
Cyber Weapons Lab, Episode 181
The Secure Shell, or SSH, is a common way to access remote hosts. However, it's not as secure as the name would imply. In this episode of Cyber Weapons Lab, we are going to show three different ways to brute force username and password combinations on open SSH ports. Big thanks goes to Null Byte writer drd_ who wrote the article we're basing the video on.
To learn more, check out the article: nulb.app/z4ikd
Follow Null Byte on:
Twitter: / nullbyte
Flipboard: flip.it/3.Gf_0
Website: null-byte.com
Weekly newsletter: eepurl.com/dE3Ovb
Vimeo: vimeo.com/channels/nullbyte

Пікірлер: 195

@Aleksandar0100 3 жыл бұрын

Finally, my boy is back.

@lmaoroflcopter 3 жыл бұрын

@@rolandgregory7094 🤦‍♂️ don't be a creeper Roland.

@BreakTheBeat852 3 жыл бұрын

Roland George fuck off roland

@legochewbacca2214 3 жыл бұрын

@@rolandgregory7094 oof bot

@myhackertech 3 жыл бұрын

The man that never blinks

@MokshitKalRa 3 жыл бұрын

He js your girlfriend 😂😂😂

@brendanwebb5489 3 жыл бұрын

Thank you, this really helped me understand ssh servers and how they work, I’ve been having trouble understanding it for a while and this really helped me out

@j_owatson 3 жыл бұрын

He blinks, you just blink at the same time as him.

@natediaz7447 3 жыл бұрын

brilliant

@k.3004 3 жыл бұрын

I blink often but I stared long enough to see him blink 😂

@UNGETABLE7 3 жыл бұрын

Glad to see you’re back again mate.

@Akilasgood 3 жыл бұрын

I was expecting for this video for quite long time.... 🙏🏻

@uniquechannelnames 3 жыл бұрын

I was expecting *this video for quite *a long time. Just a correction in case you're learning English as a second language.

@moligoli3628 2 жыл бұрын

Great sir amazing yesterday only I found your chennal and website I trying to learn basics in this field I watched your 3-4 videos yesterday and visit at website also amazing contents very helpful . Follower from India 🇮🇳

@pianochannel100 3 жыл бұрын

This man has optimized his life down to the intervals in which he blinks.

@sefo31337 3 жыл бұрын

Finaly the creator of the best channel on yt is back

@socat9311 3 жыл бұрын

Could you do a video on discovering what file types a server allows? I have done boxes where for example php might not have been allowed but php5 was allowed. So would be useful to have a strategy of checking such things (other than trying multiple versions I guess)

@mathiasskukker5948 3 жыл бұрын

You're the best teacher I've had. respect for your work.

@brijesh1809 3 жыл бұрын

Great videos, keep it going null byte

@realm2090 3 жыл бұрын

Why's the account that you're on your laptop called "boob" lol.

@user-vn7ce5ig1z 3 жыл бұрын

Because boobs are great? 🤷

@HMUP7 3 жыл бұрын

@@user-vn7ce5ig1z can't argue with that

@yuh6038 3 жыл бұрын

Because he’s the 🐐

@leakthis7218 3 жыл бұрын

boob

@KnotAcceptableVids 3 жыл бұрын

because maturity, that's why. right?

@enos5192 3 жыл бұрын

Kody my Dudy is Back on track... luv U man

@boredguy_0137 3 жыл бұрын

Woah! Thanks mate, I've been looking for ssh brute forcing stuff for a long time!

@shortsentral 3 жыл бұрын

Please help. I am attempting to get in to mobile pen testing too. I am planning on getting a OnePlus 8. But I have no idea if it can be put in to Promiscuous/Monitor mode when I run Kali Linux on it. If it can’t, is there any other decent phone that can? Thank you in advance

@TheExsi 3 жыл бұрын

Damn. I love his stickers!

@ganeshshukla584 Жыл бұрын

Thanks for the video man, it was really good. I tried all 3 methods but it doesn't work can you suggest alternate method?

@pebrialkautsar8692 3 жыл бұрын

Hello I have a question. How can weh port forwarding but keep the original ip address? I tried using iptables (DNA, SNAT) but it was translating the ip address. Helppp :'(

@user-fj4gf4ui8n 3 ай бұрын

Please can i get help on SSH scanner on port 1222? I am a novice, i will appreciate any guide to getting the program and using it.

@chiragramoliya2580 3 жыл бұрын

Hey bro... I have questions about brute force attacked stopped after some password check?

@knighttemplars259 3 жыл бұрын

Who is best for offline attacks, hydra, john or hashcat? Maybe something else? What about online attacks, hydra?

@DiNaMiCNitro 3 жыл бұрын

Excellent video!! What's the background music? Greetings.

@survivalextreme8270 3 жыл бұрын

Tried to ssh the router, but it says port 22 refused .. Tried telnet aswell but port 23 refused .. What can i do about this ?? Connect bot is not working ..

@amantudu4233 3 жыл бұрын

Welcome back

@mrunplugged5080 3 жыл бұрын

Cant, you just determine the range of the subnet by looking at the subnet mask?

@KeithGriffiths 3 жыл бұрын

Your videos are really good. 🐱‍👤

@lyonfiurextechsupport3133 3 жыл бұрын

Dude. Where you can find the (userdb) to create the files and the (passdb)?

@Ultra289 Жыл бұрын

postgresql? but does it work with mysql??

@legochewbacca2214 3 жыл бұрын

yay kody is back

@sigill_fx1 Жыл бұрын

Great Vídeo man! Thanks.

@venuvohra94 3 жыл бұрын

Can I get something related to windows, or if not can you recommend anyone just like you pleaseee

@dr.siddharthojha3642 3 жыл бұрын

Wow amazing video sir ♥️♥️

@thegamerguy56 3 жыл бұрын

Not planning on hacking any SSH, just looking to see what Im up against as a server operator. Don't know why though. I already use public keys with password and root auth disabled, custom port, and fail2ban.

@alertshake8965 Жыл бұрын

That's good enough

@yousufkhan6654 3 жыл бұрын

I think tps is trial per second. Anyways, good to see you sir.

@TarunKumar-de1ej 2 жыл бұрын

what if ssh is configured on different ports then how I can use hydra for attacking ssh

@temisanebireri4294 Жыл бұрын

Thank you for this tutorial. After setting the user file and pass file and attempting to run the command. It brought an error message and I realized I didn't have the user.txt and password.txt files. Please how can I create those files?

@mohamedredaderrassi3333 7 ай бұрын

did you find the solution ? I have the same problem

@jasjotsingh9879 2 жыл бұрын

where do these users.txt and passwords.txt files need to be saved. Which directory

@Rob_III 3 жыл бұрын

Any decent SSH install has: 1) Disabled root login, 2) Disabled password login in favor of public key, 3) A method of stopping the 'attack'; usually by blocking the IP for at least 24 hours or something.

@Rob_III 3 жыл бұрын

@Losko Meh, that's more a "Security through obscurity" thing. It does next to nothing for a determined "hacker"

@Rob_III 3 жыл бұрын

@Losko That's where we disagree: Step #4 doesn't CONSIDERABLY reduce the "impact surface". It MARGINALLY, if at all, reduces the "impact surface". With tools like nmap you can scan all ports in a matter of seconds and if your system is connected to the public internet then tools like Shodan make it so easy even kids can find your "hidden" SSH service. (See security.stackexchange.com/a/189738/3992 )

@Sythorize Жыл бұрын

any half decent hacker will just use a botnet to bruteforce the credentials so banning IP does nothing really. Especially when someone has hundreds of thousands of telnet devices on their net.

@Rob_III Жыл бұрын

@@Sythorize Ofcourse it does, it limits the number of attempts to X for each and every IP. Yes, your banned IP list will grow big, but it's still better than keep allowing each IP to try again and again and again.

@Sythorize Жыл бұрын

@@Rob_III yeah but it’s useless

@LucasAKempe 3 жыл бұрын

Plot twist we all weren't blinking and he was

@salsaamaliaputri-saphire-u7764 5 ай бұрын

is it possible to brute force my server from other network and region?

@shahinmadani184 2 жыл бұрын

could please show us how the metasploit session can be exploited ?in a video please!

@hanselchristopher534 3 жыл бұрын

Basically this all methods will work when there's a system connected to your network right or same network?

@realitycheck_ 3 жыл бұрын

I think that as long as you have the IP of the target. You have their IP, you scan for open port 22 and just brute force it. Give me your IP and I will try if it works lol

@boondocks8091 3 жыл бұрын

How do I change my wifi icon on the top panel to make it like yours?

@abbasfaizy4769 3 жыл бұрын

You can't. Coz you use Windows and he uses Linux! Lol

@JahMusicTube 3 жыл бұрын

Another easy way to protect against this, besides using public keys, is to block IPs after a set number of failed ssh logins in your firewall config.

@jonathanjohn9643 10 ай бұрын

what if they use vpn?

@pie5233 6 ай бұрын

you can easily allow to access only in a range of ip addresses

@GustavAgar 5 ай бұрын

@@pie5233 i do that, only allow ssh connection from the ip that i usually connect

@ravagex2179 3 жыл бұрын

Hey, I just wanted to ask. What is the best WiFi adapter that support monitor mode and packet injection, which works with Kali Linux?

@dumbneek6237 3 жыл бұрын

i personally use this one: Alfa AWUS036ACH

@Nitidus 3 жыл бұрын

The actual aircrack-ng FAQ suggests the following - please keep in mind that the model suggested by the comment above might crash your kernel! • Alfa AWUS036ACH (a/b/g/n/ac) is the best performing card, but the driver can be unstable enough to crash your kernel. • Alfa AWUS036ACM (a/b/g/n/ac) is the highest performing of the STABLE devices, but it requires kernel 4.19.5 or higher, and the driver doesn't work on the Raspberry Pi 3 yet; it works on the Raspberry Pi 4.

@bensomeah6337 2 жыл бұрын

what if you have a confirmed working pair of credentials?

@elieellouk8454 3 жыл бұрын

You have to make a video on hacking a electric scooter via Bluetooth packets !!

@cvegas7823 3 жыл бұрын

How can I use Linux or termux to bypass the pattern lock screen of android devices?

@l0_0l45 3 жыл бұрын

I don't think termux can do any of it, considering the fact that termux does not support rooting.

@zpelleti 2 жыл бұрын

I keep getting 'cred can't be blank', can anyone tell me why?

@bertil0424 3 жыл бұрын

Will work on a Mac?

@TheRealZamFit 3 жыл бұрын

The moral of the story: SSH is f***ing hard to hack. Especially if you do not use a default username.

@uniquechannelnames 3 жыл бұрын

Does using an SSH .rsa key instead of a password make it harder or easier? If you gained like a meterpreter shell into one computer, couldn't you theoretically just find the .rsa SSH credentials?

@TheRealZamFit 3 жыл бұрын

@@uniquechannelnames Attacking a remote system with passwords can be done by anyone anywhere. To hack a system protected with key based security, you must actually find the private key which is something that even the secured machine will not possess. This means the attacker must first successfully hack the admin’s machine to get the key. This is also why you should protect your private keys with a supplemental security layer. A keychain, password manager, or even simple password can make this impractical for all but the most dedicated hackers.

@communist_demon4177 3 жыл бұрын

Yey he is back

@mitujangra4908 3 жыл бұрын

Bro please make a video on how to access the database of an android apps??

@NullByteWHT 3 жыл бұрын

Good idea Mitu Jangra, I've added it to the list of video ideas.

@patrickren7395 3 жыл бұрын

cat /var/log/auth.log | grep Failed | wc -l if the number is more than 2 digits, you should probably pay attention. Change ssh port to at least 4 digits and turn off root user login

@Sythorize Жыл бұрын

Do you think zenmap is a good program? I have found its a lot more useful than doing it all by yourself.

@iluvass2 3 жыл бұрын

very interesting cool content!

@user-vn7ce5ig1z 3 жыл бұрын

Great, so how do we defend against this aside from using a stronger [*nix account] password? Is there a way to time-throttle login attempts? The *MaxAuthTries* and ** settings are barely a minor speedbump for a script and *LoginGraceTime* setting won't help at all (it's essentially useless ¬_¬). A quick search seems to indicate that you'll have to use iptables to set up a time limit. Why isn't there a built-in option in sshd? 😕

@dingokidneys 3 жыл бұрын

To defend against this, as Kody said, you can use an obscure username (disable root/admin ssh logins), use a different port and use a strong password or - even better - use a private key. You can also set fire wall rules that either limit how many login attempts are allowed per minute or deny access to the source IP after a certain number of failed attempts within a time period. On my box, I only allow ssh access for a named user using a private key and that's successfully defended me for years. Recently I added a firewall rule (3 lines actually) to boot people after 4 failed attempts within a minute 'cause my logs were filling up with failed login attempts.

@lmaoroflcopter 3 жыл бұрын

Commercially: Certificate based auth, but that requires you to set up a PKI infrastructure which is a bit beyond the personal use so... Personally: switch to Public Key auth, disable root login, use ip tables to limit connections, install and configure 2fa (Google authenticator is free). You can still brute force public keys (if you have a collection of them - say HDMoore's collection of Debian weak prng generated keys) using something like crowbar but it's not likely that your key generated by a modern operating system is going to be in that collection. Password auth itself needs to die in a fire.

@christopherirving7685 3 жыл бұрын

@@lmaoroflcopter agreed but without Google if you change phone or worst lose it, your screwed. Lost access to several places for a few days. Cloud based authentication is the way to go imo

@lmaoroflcopter 3 жыл бұрын

@@christopherirving7685 that's why you back up your backup codes to something that isn't your phone, and Google Auth, is just an open source implementation of TOTP. Use a yubikey to store the seed and it isn't even linked to a phone. You've also almost always got some access via a providers ILO or serial console system, or in the case of home hosted - physical access to the device, too in order to recover from.any derps. But cloud based Auth is interesting, though I'd argue that's a bit beyond the individual and more a corporate solution, but along the same lines Netflix also publish their own solution for certificate based auth, that runs in aws lambda.

@christopherirving7685 3 жыл бұрын

@@lmaoroflcopter I backed up to something that was stolen I'm just pointing out a flaw many don't take into account. Lost access to coinbase and wallets. But yes I now backup to more than one location :) thanks for the comment

@t.designer5540 3 жыл бұрын

Null byte help me. I m learnin from live kali linux on laptop. When i try hacking wifi my wifi will be disconnected. My linux not scan wifi. If i click restart button it will be fine. I dont know what would i do. If wifi working but not scaning any targets. Help me. I am from Uzbekistan. I don't know English very well. Sorry if have any mistake in my letter.

@l0_0l45 3 жыл бұрын

Network services are disabled by default in Kali. To enable them, try "sudo systemctl network.service start". It is disabled by default as a computer looking for a wifi is exposed, so it gives out its location. Also you may need a wifi dongle if your laptop does not support it. Hope this helps. (P.S. Don't do anything *illegal or criminal,* and if you are scanning ports, use proxychains to hide your ip and prevent dns leaks.)

@t.designer5540 3 жыл бұрын

@@l0_0l45 thank you friend

@chiranjeevinaidu3660 2 жыл бұрын

Bro is there a way to bruteforce ssh passwords like how we bruteforce wifi

@lamontwilliams1843 2 жыл бұрын

Thank you!!!!!!!!!!!!!!!

@oussamaouerfelli2234 3 жыл бұрын

@Null BYte please a tutorial of formjacking injecting script and give us the script thanks

@thelitbroz1615 3 жыл бұрын

why isnt my ssh connecting to the host

@HKAcademy1 3 жыл бұрын

Nice SSID

@amybucio8859 2 жыл бұрын

It said ssh could not be reached :(

@mujeebishola7778 3 жыл бұрын

Hi bro please I want to start and learn hacker please help

@TheJoker-ql1xp 3 жыл бұрын

Me: *Running a Minecraft server* wait what?

@godfather7339 3 жыл бұрын

can you ssh into a Minecraft server? would people keep a ssh port open?

@THORNORDLAND 3 жыл бұрын

well comeback

@sayYes2019 3 жыл бұрын

Love this

@RobinCawthorne 3 жыл бұрын

Would this still work if the server had fail2ban configured?

@misfitsman805 3 жыл бұрын

It shouldn't. iptables should kick in and make the attacking computer think that the server is now offline and wont respond to pings. But I could be wrong. I run fail2ban on all my servers though! Currently at 37678 Blocked IP addresses :D

@RobinCawthorne 3 жыл бұрын

@@misfitsman805 hectic! Would be cool to build a dmz in front and drop a honeypot in there. See what these bots/peeps are up to. I also block with fail2ban but have a static IP at home so could just whitelist. Instead though, there's this port knocking tool, can't recall the name but it works like a dream.

@PashaDefragzor 3 жыл бұрын

Nobody hacking like that anymore, they just looking for a cable and then get into the room

@ahmedakikazim7865 2 жыл бұрын

Please is there any exploitation?

@mercenary8360 3 жыл бұрын

Do you hack a online games

@abdurrafay7059 3 жыл бұрын

plzzz make more kali linux ethical hacking videos

@spacedoutmercy9741 3 жыл бұрын

Is the wifi network's name boob.? 😅

@danielolortegui8422 2 жыл бұрын

Anyone with that many stickers on their laptop has got to be evil

@danzappleseed6881 2 жыл бұрын

When ping all the packets lost'... It goes there's.. !!

@netbin 3 жыл бұрын

Heh finally i can see someone i got used to watch!

@deanlhouston Жыл бұрын

Nobody should be using SSH1 nowdays, so not sure how useful it will be trying to hack into SSH systems using v1 when practically nobody is (should be) using it.

@tahagaming885 3 жыл бұрын

Plz help I want to learn hacking.

@vsivakrishna9647 3 жыл бұрын

Did you notice the wifi name is boob😂

@amybuciomorton7599 2 жыл бұрын

SSH could not be reached

@danzappleseed6881 2 жыл бұрын

How easy u can see all those passwords.

@Elisei36 11 ай бұрын

Nobody talking about his wifi name

@Toxichead1989 3 жыл бұрын

Hey man im trying to learn python what is the most important things to know? //Batman

@randomupload6469 3 жыл бұрын

Ye hes cool I want him to be my teacher

@Rickety3263 3 жыл бұрын

Cant brute force me. Certificate access only ;-)

@dingokidneys 3 жыл бұрын

Same here, but I also tarpitted ssh access 'cause my logs were filling up with scans and hack attempts. Three lines in iptables and my logs are much cleaner.

@RakshithPrakash 3 жыл бұрын

@@dingokidneys where can I find the logs on whose trying to loging and scans?

@dingokidneys 3 жыл бұрын

@@RakshithPrakash The Linux logs are either in /var/log or accessible by 'journalctl' if you have a systemd distro. To check what's happening on ssh you can do either: $ grep sshd /var/log/auth.log or $ journalctl -u ssh

@user-fx7sp5zu6s 6 ай бұрын

How can I move files from the target machine to my own machine?

@Zknosk 3 жыл бұрын

Heroi back to us, after working for hack5? lol

@kcireorenom8430 3 жыл бұрын

wow man... yujuuuu

@abhineetkarn8633 3 жыл бұрын

Hydra FTW

@extrem2497 3 жыл бұрын

Laptop of Doom

@kapoork4129 3 жыл бұрын

Yay kode 🎉

@dakata2416 3 жыл бұрын

Fix your audio for god sake

@Rob_III 3 жыл бұрын

Came here to say this - it sounds like it's recorded under water with a muffler over the potato microphone.

@JarppaGuru Жыл бұрын

ss-gopy your public key to server and login xD oh wait you need password..but what if... you cant brute force if server would my design you get blocked after couple password try LOL and shh has open port...