Hydra FTP and SSH Brute Force SLOW

[mojo0254]

I am currently attempting to broaden my education level on penetration testing and I am using the Metasploitable linux 2.0 and have tried with the De-Ice ISO as well. I have tried using Hydra to brute force the FTP service and the SSH service with a smaller modified version of the darkc0de.lst dictionary that comes with backtrack 5 R3 so my dictionary is only 15 MB. I start hydra with the following command line:

hydra -l root -P /root/desktop/darkc0de.lst -f -v -e nsr 192.168.1.4 ftp

This works and begins to brute force the FTP server but is only cracking 250 - 270 words per minute and says it will take 90 - 100 hours to complete. Thinking this may have to do with the allocated ram for the VMWare machine running metasploitable I took the ram up to 2 GBs for the VMware machine. This attempted fix yielded the same results. After attempting to add ram to the VMWare machine I read that changing the threads could help so I tried the following to commands:

hydra -l root -P /root/desktop/darkc0de.lst -f -v -t 5 -e nsr 192.168.1.4 ftp

hydra -l root -P /root/desktop/darkc0de.lst -f -v -t 0 -e nsr 192.168.1.4 ftp

Both of these commands as well yielded the same results. The computer I am using Kali on has a 2.6 GHz processor and I am running Kali GNOME i386 on a USB.

Any and all help will be greatly appreciated. It is very frustrating to attempt to learn something when it is taking days to exploit each section and I know this should be able to be done in a matter of hours. Thanks in advance for your help.

[charonsecurity]

Try experimenting with the tasks option "-t n" where n is a number. The higher the number the faster it should be.

Edit* I see you tried with 5 and 0, see if something higher will work better.. I don't believe the amount of ram you dedicate will have much of an impact. Also, not sure about being in VM if that has an adverse effect because its visualizing the cores.?

[jackpwns]

Could you try giving the VM more sockets/cores as opposed to more RAM? Perhaps that may allow it to run calculations a bit faster?

[catalyst256]

Hi mojo0254,

I've done some SSH brute forcing before so thought I would share my experiences with you. The first to remember about brute forcing attempts is that it's really slow, protocols such as FTP and SSH are by far the slowest because each connection (to send the password) has to be established.

For example, when you log into FTP you first establish a connection with the FTP server, then have to wait for the response, then send you username, then wait for the response, then send your password, and then finally wait for the response. In theory increasing the number of threads is going to slow the process down because most FTP servers can't handle lots of active connections all at once. You would be better off increasing the memory in your target so it can handle with the extra load rather than your attacking machine.

Just as an aside, in the world of penetration testing, brute forcing services is probably as LOUD as you can get in terms of making your presence known. Often its used as a last, last resort or for testing how an application will handle that sort of attack. You are usually better off looking for another attack vector. The metasploitable 2 VM does have an exploit for the SSH server (other than brute forcing) and I think for the FTP server (I think there are 2 different FTP servers running on it??).

Hope that makes sense.

[mojo0254]

Catalyst256
Thanks for the reply. I will definately look more into the other exploits. As I am just getting into this stuff I know the De-Ice disk is set up to where SSH is the way to exploit the machine so that being what I understand the most that is something I went after on metasploitable but I will be sure to look at other ways to exploit. Thanks again for the help.