Carnivore - Predator
Formerly known as THC HackSuite, Carnivore - Predator stands at the forefront of cutting-edge cybersecurity tools, redefining the landscape of penetration testing with unparalleled innovation. Designed to empower ethical hackers, security professionals, and enthusiasts alike, Carnivore - Predator is the ultimate Pentest CMS that puts you in command.
current version: 0.7.0 - PREDATOR
home > documentation > modules > How to use THC xSSH
This article explains how to effectively make use of THC xSSH.
author: Remco Kouw
created: 03-May-2024
updated: 03-May-2024

THC xSSH Introduction

This documentation details the functionality of the THC xSSH (thc_xh) module.

THC xSSH utilizes a dictionary attack approach to guess user passwords for SSH access.

Interface Parameters:

  1. SSH Server Location: The host where the SSH server is located.
  2. Username: The username to attack.
  3. Port: The port where the SSH service is listening.
  4. Wordlist: Dropdown menu containing wordlists from the Wordlists folder.

ModGlue Variables:

  1. $_CONTEXT['thc_xh']['log']: (string) Absolute path to the log file where successful passwords are stored.
  2. $_CONTEXT['thc_xh']['results']['result']: (boolean) Result of the brute-force attack (true if successful, false otherwise).
  3. $_CONTEXT['thc_xh']['results']['password']: (string) The correct password if the attack was successful.
  4. $_CONTEXT['thc_xh']['port']: (int) The TCP port where SSH is listening.
  5. $_CONTEXT['thc_xh']['user']: (string) The username to attack.
  6. $_CONTEXT['thc_xh']['host']: (string) The host where the SSH server is located.
  7. $_CONTEXT['thc_xh']['keys']: (array) Dump of successfully cracked passwords (applies to View Passes case only).
  8. $_CONTEXT['thc_xh']['wordlistname']: (string) Absolute path to the wordlist file in the Wordlists folder.
  9. $_CONTEXT['thc_xh']['wordlist']: (array) Content of the wordlist.
  10. $_CONTEXT['thc_xh']['loginattempts']: (int) Number of attempts made.
  11. $_CONTEXT['thc_xh']['result']: (boolean) Result of the brute-force attack.
  12. $_CONTEXT['thc_xh']['connection']: (resource) Connection to the SSH server.
  13. $_CONTEXT['thc_xh']['wordlistwords']: (int) Number of passwords used in the attack.
  14. $_CONTEXT['thc_xh']['currentpass']: (string) Password used in the current brute-force attempt.
  15. $_CONTEXT['thc_xh']['writetext']: (string) Data entry for the log file when a password is guessed.
  16. $_CONTEXT['thc_xh']['totaltime']: (int) Total execution time.
  17. $_CONTEXT['thc_xh']['resultstring']: (string) Result string sent to the user.

Resource Settings:

  • Time Limit: PHP default.
  • Memory Limit: PHP default.

Expanding THC xSSH:

N/A

Dependencies:

SSH2

Known Issues:

This module uses dictionary attacks for brute-forcing, which can be resource-intensive. If you encounter time limit or memory issues, consider adjusting the module's settings.

How to use THC xSNMP || How to use CollectPanels
similar content
How to use AntiFTPHow to use THC AntiHashHow to use AntiLoginHow to use AntiMailHow to use AntiZipHow to use THC Database BruteHow to use HTTPAuthHow to use THC xSNMP
Created by Remco Kouw: 2008-2024