If you wanted to know how to crack the passwords of websites by using a tool like omg, this tutorial is perfect for you. Today we will show you how to use Xomg the GUI version of omg and crack passwords for websites and services such as ssh that are online with an online password cracking tool.What exactly are THC omg and Xomg?THC omg is the best option for brute force attacks on any website or online service you want to attack. Luckily for us, it is preinstalled in Kali Linux, so you do not have to worry about installing it. Xomg is the GUI version of the same password cracking tool. This is beginner-friendly, and I will show you exactly how to use itUnlike John the ripper is an offline password cracking tool. omg can also crack passwords and logins of websites as well as services on the internet. For this tutorial, we will be using xomg to hack ssh passwords for my demo target.Type of Attacks THC omg can do :Parallel dictionary attacks (16 threads by default can be increased as needed)Brute force/Hybrid attacks for cracking passwordsCheck for null, reversed, same as username passwords.Ability to add wordlists and default passwords for crackingManipulate the process of attack- prevent detection- by IPS (Intrusion Prevention System)Parallel attack of different servers at the same timeMust read: How to hack routers with routersploitCracking Online Passwords using THC omgStep 1: Scanning for the targetTo hack the target system, we first need to find open ports on the system. So let’s do a nmap scan to find the open ports and services on the target system.To do this type the followingnmap -T4 -F 192.168.182.138Make sure you replace the IP address with your target IP Address. As you can see, you will get a list of all running services on the system. In my case, I will crack the ssh service on port 22, as shown below. Do note you need the service name, port, and IP address of the target for this attack to work.Step 2: Setting up XomgLet’s start by opening XomgType xomg in the Kali Linux terminal. And the GUI version of omg will be opened as shown.Now you need to fill the following settings on each panel:On target panel: Select your target, and the service and port number you want to hack.On password panel: Select the username and password list for hacking. Make sure to select the last 3 options. You won’t believe how many people keep the default settings. The options are login as password, empty password, and reverse login.Tuning panel: This panel is for controlling the number of attempts and using proxies while hacking. As you can guess, you can be very stealthy bu using a proxy.Start panel: The start panel is used to start and stop the attack. Kind of obvious, I know.Now you need to fill all the panels in step 2 with the relevant information we collected in step 1. After that, we need to make sure that all the settings are as per our desires as well.So once the information is filled the panels will look like this:Target panel:Password panel:Tuning panel:Step 4: Start the attackOnce you have done step 3, you can now start the attack for hacking SSH service on the server.Click start, and the attack will begin. As you can see my Linux server was easily hacked and the passwords are shown below:This is how easy it is to hack servers these days. Now with the same method, you can hack many of the other protocols. Just replace the protocol you want to hack with the correct information. You can learn more about the supported protocols in the what more can I hack with xomg section.Step 5: Exploit the server with the credentialsCongratulations, you now have the ssh username and password of the target server. So lets login to the hacked server and see what we can do.To login to the exploited system type the following command in the Kali Linux terminal:ssh 192.168.182.138 -l msfadminHere replace IP Address and username with the ones you find in step 4For more info regarding ssh just typessh -hin the kali terminal for more info regarding parameters to pass.Now once you successfully log in, you will see something similar to this.Congratulations, you have successfully hacked a server running SSH with omg.Don`t Miss: How to hack windows with FatratWhat more can I hack with Xomg?It can perform fast and calculated dictionary attacks against more than 50 protocols, which are most commonly used on the internet. Some of the popular protocols supported by THC omg are: Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MEMCACHED, MongoDB, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, Radmin, RDP, Rexec, Rlogin, Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.If you just realized the power of this tool, you are not alone. It can basically hack all these services provided one of the following conditions are met:The services are not properly configuredThe service has a weak password.The password is present in the dictionary or wordlistPassword is plain textThere is no limit to login attempts on the service Q1. Can omg hack any server password?Technically speaking, yes, it can be provided you meet all of its requirements. For example, if the password is complicated but is present in the wordlist dictionary you use, then it can easily be hacked. There is no such perfect hacking tool that can hack anything. Q2. Is this tool free to use?Yes, this version is free to use. There are no limitations as such.Q.3 Can you use this tool online?Yes, this is an online password cracking tool. It can perform online password cracking attacks with ease.I hope you had fun hacking servers with omg. If you have any questions about omg, do mention them in the comment section. Do note is an online password cracking tool. I hope you liked the article share and donate to support the site. Happy Hacking.