# SSH Brute Force Cracker

## Judge584

Hi,

I'm looking for an SSH Brute Force Cracker Tool.(for me only, on my local network at home)

When I mean Brute Force, I mean that I don't want a tool that need a dictionnary file like Hydra, I want a real Brute Force Tool, like LopthCrack on Windows.

Does someone know such a tool?

Best regards,

Judge584

----------

## Sachankara

I can't really see the use for it. If you want to prevent brute force logins via SSH, just compile openssh with "tcpd" and then use fail2ban to prevent them.

----------

## Judge584

"I can't really see the use for it." --> lol! do you really need it to know that for answering my question??? (no offense  :Wink:  )

Ok: I have on my local network 2 gentoo PC, and I just want from the first one to be able to attack the second one with an ssh brute force password cracker.

Simple, this is just for educative search: I want to know if it works, and how many time is required to accomplish this, etc...

----------

## Phinn_Fort

You want education? Write one yourself;)

-PhinnFort

----------

## Judge584

I'm sorry but I find you a little angry: if you don't want to help then don't post!

I'm quiet sure that with a little effort you will be able to find something to do wich does not sucks like answering question when you don't care...

Judge584

----------

## Phinn_Fort

I was serious. If you want to learn about network security, and specifically regarding SSH, what would be better than to write the software yourself? I recommend Python.

And yes, I'm soon going to eat dinner, thank you;)

If you don't feel like doing something useful, try Google(tm), I found at least a couple of different bruteforcers in one search.

-PhinnFort

----------

## Judge584

Ok, I think I have not understood you post correctly, so i'm sorry (sincerly), and I wish you a 'bon appetit!'

I've already had a look at google, i'm always looking at google before posting here, but all the tools I have found rely on an dictionnary file.

I will search longer...hope to find what i'm looking for.

And for your suggestion: yes writting a tool would be good, but I don't have any knowledge on Python, C, or others...nor the time to learn them.(Unfortunately)

Best regards,

Judge584

----------

## Phinn_Fort

Okay, last thing before I go and eat:

http://www.google.com/search?q=ssh+bruteforcer&ie=UTF-8&oe=UTF-8

I see two names, GuessWho and MassRooter, try to look into them;)

Have a happy day.

-PhinnFort

----------

## nom de plume

Brute forcing is not going to work well since there is a couple second delay after each unsuccessful login and the connection is closed after a few tries. And it would take an absurdly long anyways unless you had a dictionary password.

----------

## Jeremy_Z

Or a pack of windows zombie   :Laughing: 

But anyway, once you know the time you need to try one password and the real password, you can mathematically find the time needed to find crack it. If you are really talking about *stupid brute force* attack.

Dictionnary attacks are far more interesting because they try to be clever. And i don't think you can be much more clever than that at remotely forcing a ssh password.

LophtCrack is completely different btw, if i remember correctly it is cracking the hashes of the passwords stored in the registry. So i would be more similar to crack the /etc/shadow file .

----------

## pele_smk

Write one ..... no seriously. I wrote one last years using TCL/Expect. By executing the program in parallel you can beat the X second delay in failed login attempts. Within an hour you'll learn how to write in TCL/Expect and cater the ssh attack to your needs. ex: dictionary attack, random letters, letters numbers, etc..

----------

## Judge584

ok, thanks for suggestions, i think i'm going to give a try to the TCL/Expect thing...

thanks again.

----------

