How to bruteforce ssh login credentials using NMAP

When we bruteforce ssh login credentials using Metasploit it takes a lot of time to set up and a lot of parameters are required.

Bruteforcing ssh login credentials using Metasploitable →How to Bruteforce ssh login credentials using Metasploit | by Akshay Bhalerao | Sep, 2021 | Medium

Before we begin the attack we need to create a small text file with possible usernames and passwords. You can also you the rockyou.txt text file which is already present in Kali Linux.

To create the file type the command -

cat>file.txt
admin
root
msfadmin
toor
administrator
admin123
root123
test

If you bruteforcing ssh login credentials with NMAP, then the process is simplified.

1. Load Metasploitable and Kali Linux
2. If you don’t have Metasploitable installed you can follow these steps

→How to install Metasploitable on Virtual Box | by Akshay Bhalerao | Jul, 2021 | Medium

3.Login into Metasploitable and get it’s ip address

4.Scan the target using NMAP and confirm that the ssh port is open and running on port 22.

6. Use the command-

nmap -p 22 --script ssh-brute --script-args userdb=users.lst,passdb=pass.lst <target>

Here we can see that we have got a match for a username and password. →msfadmin:msfadmin

Let’s try that-

We can see that we have successfully logged into the target machine by bruteforcing the login credentials using NMAP.

So, just by following these simple steps you can bruteforce ssh login credentials using NMAP.