What's new

How to crack ssh fast and easy

Black Stone

Black Stone

Verfied Vendor
Premium User
Dec 6, 2016
Reaction score
United kingdom
Hey folks!

SSH or "Secure Shells" can be used in many different ways and they are sold for $ 5.00+ on spammer markets (price always depends on quality). So this might be a nice way to make some money, too.

This guide/tutorial is dedicated to beginners - if you are already cracking SSH and other stuff like that, there won't be anything new in it for you.

So let's start and see yourself how easy it is!

1. What you need

At least get a VPN to secure your internet connection.
Install the latest version of VirtualBox which is available for free.
Get KALI Linux which is available for free, too, and set up a virtual machine (VM) with it. Alternatively, get the ready-to-start VM-image for VirtualBox from Offensive Security (as usual, it's free).

Pointing to c) everything you gotta do is importing the image in VirtualBox after the download. You can start the system right away though I advise you to update the settings (add more RAM and so on). Just give the VM a little bit more ressources for a better performance.

2. Starting with KALI Linux:

After starting the VM you need to log in. The standard credentials are:

user: root
pass: toor

You may change those credentials, but it's not necessary for this guide. After login, start the "Terminal" by clicking on the black icon in the dock or just right-click on the desktop and choose "Start terminal". We first have to update the machine to the latest version, so type:

apt-get update
apt-get upgrade

And after the upgrade has been finished reboot the VM.
Now your KALI-VM should be up to date and most of the software we gonna use is already installed. But you need to install the SSH package.

Therefore, start the terminal again and type:

apt-get install ssh

KALI will install all needed stuff for you, so just sit back and relax. SSH server won't be enabled afterward, but that's not important for us.

After the installation process has finished, please type:

apt-get install hydra
apt-get install masscan

Both commands should lead to a message saying the latest version is already installed. If yes, go to next step. Otherwise, wait for the installation processes being finished.

3. Scanning for SSH

First of all, we gonna need some IP ranges we can scan for SSH IPs for the cracking process. There are a lot of generators available online.

Now start the terminal again and type:

masscan -p22 --rate=50 -oL scan.txt

"masscan" is a strong IP scanner. The "-p22" tells it which port it has to check - 22 here. Instead of "" enter the IP range you want to scan. "--rate=50" restricts the scanning rate. Without this parameter, "masscan" will most likely crash your internet connection. So "50" is a good value when starting. Choose a higher value from scan to scan for testing which rate is compatible with your internet connection. At least "100" should work without problems - if not, you will recognize it very, very fast ;-) With "-oL scan.txt" we tell "masscan" to create a txt document called "scan" which will contain all SSH IPs once the scan has been finished. You will find this document in your home folder (just click on the folder icon in the dock and you will get there).
Depending on the IP range you choose, "masscan" will find some SSH you can crack afterward. But before we can start with that, open the "scan.txt" and delete everything except the IPs which look like "". After you have prepared the "scan.txt", just got to step 4.

4. Cracking some SSH

Use the Texteditor and create a new txt document in your home directory called "combos.txt". We need some login credentials for the cracking process. So paste some (format is user:password) to it and save the file.

After you have prepared the combolist, start the terminal (again) and type in the following command:

hydra -C combos.txt -M scan.txt -o hits.txt -t 1 -T 25 ssh

This one starts THC-Hydra using parameters which should work for almost everyone (it's case-sensitive, so type it in exactly like written above!). Nevertheless, you may speed up the cracking process by changing the values. So here is what the parameters mean:

"-C combos.txt" tells THC-Hydra, that it shall use the login credentials in the txt-file "combos.txt".

"-M scan.txt" leads to the file "scan.txt" which contains the hosts to check/crack.

"-o hits.txt" makes THC-Hydra saving valid logins to the file "hits.txt" which will be placed in your home directory.

"-t 1" ensures that THC-Hydra only opens one connection (1 thread) to every IP at once.

The "-T 25" makes it using a maximum of 25 connections (threads) at the same time.

You can higher the "-t 1" up to "-t 4" though higher values may work, too. "-t 4" is just recommended. The "-T 25" value depends on your internet connection and on the performance of your VM. Most likely, you should be able to higher it up to "-T 50" or just do not enter it and THC-Hydra will set "-T 64" on its own.

Finally, the "ssh" tells THC-Hydra what kind of service it is going to crack - so we type "ssh" because ... c'mon, you know why ;-)
After starting the cracking process, you will have a lot of time you can spend on waiting. Cracking SSH takes time, so you need to be patient. You can speed up the process by using less combos and by altering the parameters like described above.

Nonetheless, you may see some error messages - just ignore them.

Not every SSH can be cracked this way, but you should find your first cracked SSH in the "hits.txt" later.

5. Hints for better results:

Start the cracking process when your scan.txt contains at least 1,000 IPs.
Use a shorter combolist, e.g. only containing combos with "root:...", "admin:..." and "administrator:...".
Test varying the parameters for masscan and THC-Hydra to find the best options for your connection and VM settings.
Besides that, just check out some IP ranges from Brazil - some of them are golden and will deliver a lot of valid SSH logins.

6. Final words

This method works as well if you want to crack FTP, VNC, SMTP, and even RDP. Just change the port when scanning (e.g. from -p22 to -p3389 to scan for RDP) and the "ssh" in the command for starting THC-Hydra (it will need you to adjust the parameters, too). Nonetheless, this is a very easy method and you should be able to crack your first SSH logins within short time.

I am still using it though results are varying. But a scan.txt with about 1k IPs should deliver a nice amount of hits for sure. If not, you grabbed a very bad IP range, so scan another one but do not give up :)

Good Luck! And if this thead helped you please rep me up! I would appreciate it!