The ssh_login module is quite versatile in that it can not only test a set of credentials across a range of IP addresses, but it can also perform brute-force login attempts. This module will test ssh logins on a range of machines and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access.
Lets start Hacking A WebServer Using Bruteforce SSH Login Module
Step 1 :- This is msfconsole. Msfconsole is the main interface to MetaSploit. There are GUI interfaces (armitage), and a web interface too (websploit). With msfconsole, you can launch exploits, create listeners, configure payloads etc.
Step 2 :- search ssh_login
Step 3 :- This auxiliary module allows you to pass credentials in a number of ways. You can specifically set a username and password, you can pass a list of usernames and a list of passwords for it to iterate through, or you can provide a file that contains usernames and passwords separated by a space. We will configure the scanner to use a short usernames file and a passwords file and let it run against our subnet.
use auxiliary/scanner/ssh/ssh_login
You may also like :-
Step 4 :- Create a randomly User.txt file for brute force attack.
Step 5 :- Create a randomly Password.txt file for brute force attack.
Step 6 :-
set STOP_ON_SUCCESS trueset RHOSTS 192.168.69.131set USER_FILE /root/Desktop/User.txtset PASS_FILE /root/Desktop/Password.txt