THC-Hydra
A very fast network logon cracker which support many different services
hydra-5.7-src.tar.gz
Last update 2010-06-14
[0x00] News and Changelog
Good news: hydra is now maintained again by me! (as of June 2010),
and is now under GPLv3!
another good news (for me): no more windows .exe cygwin port. So
many clueless people hassled me why hydra.exe does not work for them
when they double-click on it ... duh
And finally: a new version of hydra :-)
CHANGELOG for 5.7: (last public version was 5.4)
###########
* Added ncp support plus minor fixes (by David Maciejak @ GMAIL dot com)
* Added an old patch to fix a memory from SSL and speed it up too from kan(at)dcit.cz
* Removed unnecessary compiler warnings
* Enhanced the SSH2 module based on an old patch from aris(at)0xbadc0de.be
* Fixed small local defined overflow in the teamspeak module. Does it still work anyway??
Release 5.6 PRIVATE VERSION
###########
* Moved to GPLv3 License (lots of people wanted that)
* Upgraded ssh2 module to libssh-0.4.x (thanks to aris (at) 0xbadc0de.be for the 0.2 basis)
* Added firebird support (by David Maciejak @ GMAIL dot com)
* Added SIP MD5 auth patch (by Jean-Baptiste Aviat jba [at] hsc [dot] `french tld')
* Removed Palm and ARM support
* Fix for cygwin which falsely detected postgres library when there was none.
* Several small bugfixes
Have fun!
[0x01] Introduction
Welcome to the mini website of the THC Hydra project.
Number one of the biggest security holes are passwords, as every password security study shows.
Hydra is a parallized login cracker which supports numerous protocols to attack. New modules
are easy to add, beside that, it is flexible and very fast.
Currently this tool supports:
TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, SMB, SMBNT, MS-SQL, MYSQL, REXEC,
RSH, RLOGIN, CVS, SNMP, SMTP-AUTH, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS,
ICQ, SAP/R3, LDAP2, LDAP3, Postgres, Teamspeak, Cisco auth, Cisco enable,
LDAP2, Cisco AAA (incorporated in telnet module).
This tool is a proof of concept code, to give researchers and security
consultants the possiblity to show how easy it would be to gain unauthorized
access from remote to a system.
[0x02] Disclaimer
1. This tool is for legal purposes only!
2. The GPLv3 applies to this code.
[0x03] Documentation
Hydra comes with a rather long README file that describes the
details about the usage and special options.
[0x04] Development & Contributions
Your contributions are more than welcomed!
If you find bugs, coded enhancements or wrote a new attack module for a service,
please send them to vh (at) thc (dot) org and add the word "antispam"
in the subject line.
Interesting attack modules would be:
Subversion, Oracle SQL*Net, HTTP-NTLM, PPPoE, PPTP, ...
(or anything else you might be able to do (and is not there yet))
[0x05] Screenshots
(1) Target selection
(2) Login/Password setup
(3) Hydra start and output
[0x06] The Art of Downloading: Source and Binaries
For your pleasure, Hydra comes as source and binary release.
1. The source code of Hydra: hydra-5.7-src.tar.gz
(compiles on all UNIX based platforms - even MacOS X, Cygwin on Windows, ARM-Linux, etc.)
2. The Win32/Cywin binary release: --- not anymore ---
Install cygwin from http://www.cygwin.com
and compile it yourself. If you do not have cygwin installed - how
do you think you will do proper securiy testing? duh ...
3. ARM and Palm binaries here are old and not longer maintained:
ARM: hydra-5.0-arm.tar.gz
Palm: hydra-4.6-palm.zip
Comments and suggestions are welcome.
Ref: http://freeworld.thc.org/thc-hydra/
Comments