At the Hack Eire CTF competition at IRISSCon we came across a server which was running both FTP and SSH. As a Mac user I needed a tool to brute force some known accounts with a list of suspected passwords. I downloaded Hydra which has the capability of brute forcing both protocols. After compiling Hyrda and running against the FTP it was time to start with the SSH server but as I hadn’t installed LIBSSH the SSH functionality was disabled.
This exercise was completed with the following versions:
cmake – v2.8.3
LIBSSH – v0.4.6
Hydra – v5.8
- mkdir build
cmake -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_BUILD_TYPE=Release -DWITH_LIBZ=OFF ..
If you get the following output then you need to make a change to the source code (See LIBSSH Code Change):
Linking C shared library libssh.dylib
“_environ”, referenced from:
_environ$non_lazy_ptr in socket.c.o
ld: symbol(s) not found
collect2: ld returned 1 exit status
make: *** [libssh/libssh.4.1.3.dylib] Error 1
make: *** [libssh/CMakeFiles/ssh_shared.dir/all] Error 2
make: *** [all] Error 2
If the cmake was successful then you need to install the library.
- make install
If this is successful you will get the following output:
– Generating done
– Build files have been written to: /foo
If you get the following then how about running as root using sudo.
Maybe need administrative privileges.
LIBSSH Code Change
Edit line 694 of socket.c.
Change the following line:
execve(args,(char * const *)args,(char * const *)environ);
execvp(args,(char * const *)args);
Now you have LIBSSH compiled and installed you need to recompile Hydra.
Make sure that LIBSSH support has been detected.
Checking for libssh (libssh/libssh.h) …
- make -B
Test that it works correctly
./hydra -l root -p root 192.168.0.1 ssh2