Brute force password cracking in Linux

Source: Internet
Author: User

What is the most violent thing in network security? Everyone will probably answer in unison: "cracking!" Yes, cracking is often ignored by many experts, especially brute force cracking. Many people consider it a sign of incompetence, but sometimes it is the only effective method in an intrusion.
I believe everyone has used remote cracking. My first recommendation is hydra:
http://freeworld.thc.org/releases.php
 

1. The source code of Hydra: hydra-5.4-src.tar.gz
(compiles on all UNIX based platforms - even MacOS X, Cygwin on Windows, ARM-Linux, etc.)

2. The Win32/Cygwin binary release: hydra-5.4-win.zip
(everything you need to run hydra on win32 platforms is in this zip file)

4. The ARM binary release: hydra-5.0-arm.tar.gz (soon updated)
(created by tick (at) thc (dot) org - everything except SAP R/3 is supported,
runs on all Handhelds with ARM processors running Linux, e.g. iPaq, Zaurus, etc.)

3. The Palm binary release: hydra-4.6-palm.zip
(created by snakebyte (at) gmx (dot) de - does not support all attack modules yet)
[NOTE: the Palm release has got a different source tree. Therefore not all
 modules are supported, and updates are not very often.]




This is a remote logon password cracking tool for *nix platforms. It can crack passwords for many login methods: TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, LDAP, SMB, SMBNT, MS-SQL, MYSQL, REXEC, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS, ICQ, SAP/R3, Cisco auth, Cisco enable, SMTP-AUTH, SSH2, SNMP, CVS and Cisco AAA. You can easily compile the program by following the instruction file. For the sake of Windows users, we compiled the Windows version of hydra under Cygwin. I will also introduce hydra under Windows.
Runtime description:

E: mfmexploithydra> hydra
Hydra v4.3 [http://www.thc.org] (c) 2004 by van Hauser/THC

Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e ns]
 [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-f] [-s PORT] [-S] [-vV]
 server service [OPT]

Options:
  -R                    resume a previously interrupted session
  -S                    connect over SSL
  -s PORT               if the service is not on its default PORT, specify the service PORT here
  -l LOGIN or -L FILE   specifies the LOGIN account, or a FILE containing many accounts
  -p PASS or -P FILE    specifies the password, or the password FILE, to be used
  -e ns                 additional checks: "n" tries an empty password, "s" tries the account name as the password
  -C FILE               specifies a FILE in "login:pass" format, replacing the -L and -P options
  -M FILE               specifies the target address FILE, with one address per line
  -o FILE               records the accounts and passwords found to the specified FILE
  -f                    ends the probe after finding the first account and password pair
  -t TASKS              specifies the number of threads (16 by default)
  -w TIME               specifies the maximum wait TIME for a response (in seconds, the default value is 30)
  -v / -V               detailed display mode
  server                specifies the target address
  service               the service to crack. The following services are supported: [telnet ftp pop3 imap smb
                        smbnt http https http-proxy cisco-enable ldap mssql mysql nntp vnc socks5
                        rexec snmp cvs icq pcnfs sapr3 ssh2 smtp-auth]
  OPT                   some service modules require specific information
I have tried my best to translate the original English description for everyone. I believe everyone can understand it.
Note that the above OPT can take the following values:

service module        optional parameter
====================================================
www/http/ssl/https    specifies the page to authenticate against. The value can be similar to the following:
                      "/secret" or "http://bla.com/foo/bar" or
                      "https://test.com:8080/members"
http-proxy            specifies the authentication page (optional, default is http://www.suse.com/)
smbnt                 value [L,LH,D,DH,B,BH] (REQUIRED)
                      (L) check local accounts, (D) domain accounts, (B) either
                      (H) NTLM hash
ldap                  specifies the DN (optional, can also be specified using the -l option)
cisco-enable          specifies the logon password for the cisco device (REQUIRED)
sapr3                 specifies the client id, a number between 0 and 99 (REQUIRED)

I only translated what I think is important. If you still cannot understand it, let's look at several examples.
We want to crack an HTTP login page. The login account is superlone, and the password file is pass.txt in the current directory. The target address is www.attack.com. The command is:
hydra -l superlone -P pass.txt www.attack.com http /members/

As another example, if we want to crack the NTLM password of a local account on nt.microsoft.com, we can do this:
hydra -m LH -l administrator -P sam.dump nt.microsoft.com smbnt

With the two examples above, the reader should now be able to use this tool. During cracking, you can press Ctrl+C to terminate the guessing process at any time. The next time you want to continue, you can use hydra -R to resume the previous guessing process.
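
An added example, not part of the original article: the defender's view of the runs described above, as a check over auth log lines that flags a burst of failed logins from one source and, as a run with -f would end on, a successful login right after it. The sshd-style log format, the threshold and window, the assumed year, the host name and the documentation-range addresses are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed OpenSSH-style syslog lines; adjust the pattern to the service being watched.
LINE = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+)")

def detect(lines, threshold=10, window=timedelta(seconds=60), year=2024):
    """Return alerts as (kind, source, account) tuples, in log order."""
    failures = defaultdict(deque)   # source -> timestamps of recent failures
    flagged = set()                 # sources already reported as guessing
    alerts = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        stamp, result, account, src = m.groups()
        # syslog timestamps carry no year, so one is assumed
        now = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        recent = failures[src]
        while recent and now - recent[0] > window:
            recent.popleft()        # forget failures older than the window
        if result == "Failed":
            recent.append(now)
            if len(recent) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("guessing", src, account))
        elif len(recent) >= threshold:
            # a login accepted straight after a burst of failures from the
            # same source: treat the account as compromised
            alerts.append(("success_after_burst", src, account))
            recent.clear()
    return alerts

def sample_log():
    """Constructed sample: 16 rapid failures, one success, one ordinary typo."""
    burst = [f"Jan 10 03:14:{s:02d} gw sshd[811]: Failed password for superlone "
             f"from 203.0.113.7 port {40000 + s} ssh2" for s in range(16)]
    return burst + [
        "Jan 10 03:14:16 gw sshd[811]: Accepted password for superlone from 203.0.113.7 port 40016 ssh2",
        "Jan 10 03:20:01 gw sshd[902]: Failed password for alice from 198.51.100.4 port 51000 ssh2",
        "Jan 10 03:20:09 gw sshd[902]: Accepted password for alice from 198.51.100.4 port 51001 ssh2",
    ]

if __name__ == "__main__":
    for alert in detect(sample_log()):
        print(alert)
```

Counting per source only works while guesses arrive from one address; when they are spread over several sources, count failures per account as well.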
For the http/www service, we can specify a proxy server by setting an environment variable: HYDRA_PROXY_HTTP holds the proxy address. For example:
E: mfmexploithydra> set HYDRA_PROXY_HTTP="http://222.124.114.10:8080/"

If you want to use a proxy for other services, you must set HYDRA_PROXY_CONNECT to the proxy address. For example:
HYDRA_PROXY_CONNECT=proxy.anonymizer.com:8000

If the proxy server requires authentication, you can set the following environment variable to the account and password:
HYDRA_PROXY_AUTH="the_login:the_password"
That basically completes the introduction to this tool. I don't know what the reader will think after reading it. Perhaps, like me, you are impressed by its powerful functions?

Having introduced remote cracking, local cracking cannot be left out. Everyone here will probably say that for local cracking, anyone on earth knows to use LC. True, LC, as a local password cracking tool, is indeed very powerful and a must-have tool for many hackers. But today I want to introduce a new piece of software, SAMInside. Let's take a look at the interface first.

It looks simple. Click the drop-down menu of the first folder icon and you will see a lot of options, as follows:
Import from SAM and SYSTEM files...: import from the local SAM database and SYSTEM files
Import from SAM and SYSKEY file...: import from the local SAM database and SYSKEY
Import from PWDUMP file...: import from a PWDUMP file
Import from .LCP file...: import from a .LCP file
Import from .LCS file...: import from a .LCS file
Import from .LC file...: import from a .LC file
VER 4.5
HYDRA 4.5 Chinese usage instructions (I have provided several examples in particular. This description is a free translation.)
Term: FreeXploiT
