By: Lalitha
May 9, 2017

iOS App Penetration Testing: Cracking SSH Passwords with Hydra

Hello Guys,

This is my first video on Cybrary. It deals with cracking SSH Passwords with Hydra. Yes, I know the video is old (from 2014), but the info is still relevant. If you have any questions, please comment below and I'll answer as soon as possible.

Transcript:
0:00
alright welcome back to another video
0:02
from insect X iOS application penetration
0:06
testing course in the previous video we
0:10
have seen how someone can actually
0:12
exploit your iphone using metasploit if
0:15
you don't change your default password
0:17
of ssh now in this video we're going to
0:21
see the same attack but not with
0:23
metasploit rather they are going to use
0:25
a tool called Hydra to brute force your
0:28
password and then login to your iPhone
0:31
using an ssh client so let us begin I
0:36
have logged in to my Kali Linux using
0:39
ssh so first like any other pen test
0:44
let's begin with information gathering
0:46
in my case ifconfig this is the IP
0:50
address of my machine and let me
0:54
scan for the IP addresses between one
1:00
ninety two dot one sixty eight dot one
1:03
dot 100 which is Kali's you know IP
1:07
address and 103 looks like again your
1:12
iphone is down yep so we have got one
1:17
ninety two dot one sixty eight dot one
1:19
dot one oh two just like what we have
1:21
got in the previous video now let us
1:24
type nmap hyphen O and one ninety two
1:30
dot one sixty eight dot one dot one oh
1:32
two to identify the operating system
1:36
details of your remote system which in
1:39
which in our case is iphone
1:46
so let's wait for a while it takes a
1:48
couple of seconds
2:06
we have got the output so if you see
2:11
this this is the operating this is this
2:13
is the line which says operating system
2:14
details this is what exactly we have got
2:17
in the previous video as well and the
2:19
network distance is one hop we are
2:21
connected to the same network and as you
2:25
can see SSH is running as 22 the port
2:30
number 22 is also open so that's why
2:33
SSH is running over there so what we
2:37
going to do is let's use a tool called
2:40
Hydra you can just type it in the
2:43
command line it it gives the all it
2:45
gives all the options along with the
2:47
syntax over there now what I'm going to do
2:51
is rather than complicating the task I
2:53
am just going to use the simple syntax
2:55
which is already given by Hydra itself
2:57
so let me copy this and paste over there
3:03
as you can see let me remove this let me
3:06
clear the screen all right so Hydra
3:14
hyphen L let me paste it over there
3:18
rather so hyphen L is which this is
3:23
something which specifies a username so
3:25
in my case it is root this login name
3:28
and passlist dot txt is the file which
3:33
contains the password that can be used
3:35
to brute force the password of your
3:37
target in my case I'm going to use the
3:44
passwords dot txt file which is there on
3:47
my desktop you can actually go ahead and
3:52
say this great I have passwords dot txt
3:57
on my desktop so let's change this to
4:02
ssh and change the IP address as well
4:08
one ninety two dot one sixty eight dot
4:10
one dot one oh two press Enter awesome
4:15
it is attacking service SSH on port
4:18
number 22
4:19
and we have successfully completed one
4:23
valid password found it's alpine so this
4:29
is how one can actually brute force your
4:31
passwords and log into your you know
4:34
devices now we can actually log in to
4:39
your iPhone using the same technique
4:42
which we have been seeing right from the
4:45
beginning of the course using ssh client
4:49
it will ask you for the password and the
4:52
default password is alpine this is what
4:55
we got here so this is how one can
4:57
actually log into your iPhone using ssh
5:00
one can crack your SSH passwords
5:02
using Hydra and log in using any ssh
5:05
client so from here onwards you get the
5:07
attacker can actually do anything he
5:09
wants on your iPhone he can see all the
5:11
SMS contacts call logs and he can do a
5:15
couple of other things so that's all I
5:18
have in mind for this video thanks for
5:20
watching it thanks a lot