Skip to main content

Brute force attacks with Hydra

By Vikas Bagwe 
THC-Hydra

 A very fast network logon cracker which support many different services
 hydra-5.7-src.tar.gz

 Last update 2010-06-14


 [0x00] News and Changelog

        Good news: hydra is now maintained again by me! (as of June 2010),
        and is now under GPLv3!
        
        another good news (for me): no more windows .exe cygwin port. So
        many clueless people hassled me why hydra.exe does not work for them
        when they double-click on it ... duh

        And finally: a new version of hydra :-)


 CHANGELOG for 5.7: (last public version was 5.4)
 ###########
 * Added ncp support plus minor fixes (by David Maciejak @ GMAIL dot com)
 * Added an old patch to fix a memory from SSL and speed it up too from kan(at)dcit.cz
 * Removed unnecessary compiler warnings
 * Enhanced the SSH2 module based on an old patch from aris(at)0xbadc0de.be
 * Fixed small local defined overflow in the teamspeak module. Does it still work anyway??
  
 Release 5.6  PRIVATE VERSION
 ###########
 * Moved to GPLv3 License (lots of people wanted that)
 * Upgraded ssh2 module to libssh-0.4.x (thanks to aris (at) 0xbadc0de.be for the 0.2 basis)
 * Added firebird support (by David Maciejak @ GMAIL dot com)
 * Added SIP MD5 auth patch (by Jean-Baptiste Aviat jba [at] hsc [dot] `french tld')
 * Removed Palm and ARM support
 * Fix for cygwin which falsely detected postgres library when there was none.
 * Several small bugfixes

 Have fun!


 [0x01] Introduction

 Welcome to the mini website of the THC Hydra project.

 Number one of the biggest security holes are passwords, as every password security study shows.
 Hydra is a parallized login cracker which supports numerous protocols to attack. New modules
 are easy to add, beside that, it is flexible and very fast.

 Currently this tool supports:
   TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, SMB, SMBNT, MS-SQL, MYSQL, REXEC,
          RSH, RLOGIN, CVS, SNMP, SMTP-AUTH, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS,
          ICQ, SAP/R3, LDAP2, LDAP3, Postgres, Teamspeak, Cisco auth, Cisco enable,
          LDAP2, Cisco AAA (incorporated in telnet module).

 This tool is a proof of concept code, to give researchers and security
 consultants the possiblity to show how easy it would be to gain unauthorized
 access from remote to a system.


 [0x02] Disclaimer

 1. This tool is for legal purposes only!
 2. The GPLv3 applies to this code.


 [0x03] Documentation 
 
 Hydra comes with a rather long README file that describes the
 details about the usage and special options.


 [0x04] Development & Contributions

 Your contributions are more than welcomed!
 
 If you find bugs, coded enhancements or wrote a new attack module for a service,
 please send them to vh (at) thc (dot) org and add the word "antispam"
 in the subject line.

 Interesting attack modules would be:
 Subversion, Oracle SQL*Net, HTTP-NTLM, PPPoE, PPTP, ...
 (or anything else you might be able to do (and is not there yet))

 
 [0x05] Screenshots

 
 (1) Target selection

 
 (2) Login/Password setup

 
 (3) Hydra start and output


 [0x06] The Art of Downloading: Source and Binaries
 
 For your pleasure, Hydra comes as source and binary release.

 1. The source code of Hydra: hydra-5.7-src.tar.gz
    (compiles on all UNIX based platforms - even MacOS X, Cygwin on Windows, ARM-Linux, etc.)

 2. The Win32/Cywin binary release: --- not anymore ---
    Install cygwin from http://www.cygwin.com
    and compile it yourself. If you do not have cygwin installed - how
    do you think you will do proper securiy testing? duh ...

        3. ARM and Palm binaries here are old and not longer maintained:
      ARM:  hydra-5.0-arm.tar.gz
             Palm: hydra-4.6-palm.zip


 Comments and suggestions are welcome.

Ref: http://freeworld.thc.org/thc-hydra/
Labels:

Comments

Post a Comment

Popular posts from this blog

INSTALL CISCO VPN CLIENT ON WINDOWS 10 (32 & 64 BIT). FIX REASON 442

By
This article shows how correctly install Cisco VPN Client (32 & 64 bit) on Windows 10 (32 & 64 bit) using simple steps, overcome the ‘ This app can’t run on this PC ’ installation error , plus fix the Reason 442: Failed to enable Virtual Adapter error message . The article applies to New Windows 10 installations or Upgrades from earlier Windows versions and all versions before or after Windows 10 build 1511 .  To simplify the article, we’ve broken it into the following two sections: How to Install Cisco VPN client on Windows 10 (clean installation or upgrade from previous Windows), including Windows 10 build prior or after build 1511 . How to Fix Reason 442: Failed to enable Virtual Adapter on Windows 10 Figure 1. The Cisco VPN Client Reason 442: Failed to enable Virtual Adapter error on Windows 10 HOW TO INSTALL CISCO VPN CLIENT ON WINDOWS 10 (NEW INSTALLATIONS OR O/S UPGRADES) The instructions below are for new or clean Windows 10 inst...
45 comments
Read more

Linux File and Directory Permissions

By
file & directory protection is a essential of any OS and Linux OS is no exception for it! These authorizations allow you to choose exactly who can access your files & directory, providing an overall improved system security. There was one of the major flaws in the older Windows operating-system where, by standard, all users can see each other people's information (Windows 95, 98, Me). For overcoming it, editions of the Windows based computer system such as NT, 2000, XP and 2003 lot more security features added. They fully support file & directory permissions, just as Linux system has since the beginning. Together, we'll now assess a directory listing from our Lab Linux system hosting server, to help us understand the information provided. a simple 'ls' command will give you the file and directory listing within a given directory, including the option  '-l' will display number of new areas that we are going to discuss here:
Post a Comment
Read more

How to create a Hirens Boot CD 15.2 USB Disk

By
Hiren’s BootCD (HBCD) is a bootable CD that contains a set of tools that can help users to fix their computer if their system fails to boot. More specifically, HBCD contains hardware diagnostic programs, partition tools, data recovery utilities, antivirus tools and many other tools to fix your computer problems.  I write this article because I use Hiren’s BootCD frequently to troubleshoot computer problems, specially when a computer doesn’t boot anymore due to a virus attack or due to a corrupted file system. In this article you will find instructions on how to put Hiren’s BootCD on a USB flash drive (stick) in order to troubleshoot computer problems in the future.
4 comments
Read more