I will run Medusa attempting to brute-force the root account on the server using one of the password dictionaries which come with Kali. The tool is now trying to log into the server using the root account and different passwords. If the SSH server allows root logins and the password is in my list, the attack will succeed. We can leave Medusa to run and eventually it might give us the login credentials. Such attacks on the internet run constantly and can last days or weeks. Our IDS can detect it and will generate alerts for us. We can then respond and take measures to prevent it. However, there is more we can do. We can configure the server so that it stops such attacks.
Attacking an SSH server
A port scan is often followed by a brute-forcing attack if an authenticated service has been discovered.
We will perform a password brute-forcing attack on the SSH server, which is vulnerable, i.e. it does not prevent such attacks.
This attack will use Medusa, a password brute-forcing tool capable of attacks against multiple authentication-based online services. It works by running login attempts using a list of usernames and passwords until one of them succeeds.
Note: Below is the command that I am running in the video. Copy and paste this code (the whole command is one single line):
medusa -h 192.168.5.100 -u root -P /usr/share/wordlists/sqlmap.txt -M ssh -t 5
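What this attack looks like from the server's side, as an added example that is not part of the course material: a small detector that counts failed SSH password logins per source address inside a sliding time window, which is the kind of rule an IDS or log monitor applies. It assumes OpenSSH's syslog-style "Failed password" lines; the log lines, the source addresses (192.168.5.50, 192.168.5.77, 192.168.5.20), the threshold and the window are all constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH writes one line like this per rejected password (syslog format).
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

# Constructed sample: seven root failures in seven seconds from one source,
# one stray failure from another source, and one legitimate login.
SAMPLE_LOG = [
    f"Mar 14 10:00:{s:02d} server sshd[{2100 + s}]: Failed password for root "
    f"from 192.168.5.50 port {40100 + s} ssh2" for s in range(1, 8)
] + [
    "Mar 14 10:00:03 server sshd[2099]: Failed password for invalid user bob from 192.168.5.77 port 51000 ssh2",
    "Mar 14 10:05:00 server sshd[2200]: Accepted password for alice from 192.168.5.20 port 50022 ssh2",
]

def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60), year=2024):
    """Return {source_ip: set of targeted users} for every source that
    produced `threshold` or more failed logins inside `window`."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in the window
    users = defaultdict(set)      # ip -> account names it tried
    alerts = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue              # accepted logins, disconnects, other daemons
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        users[m["ip"]].add(m["user"])
        while ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            alerts[m["ip"]] = users[m["ip"]]
    return alerts

if __name__ == "__main__":
    for ip, targeted in detect_bruteforce(SAMPLE_LOG).items():
        print(f"ALERT: possible SSH brute-force from {ip} against {sorted(targeted)}")
```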