Thursday, April 9, 17:40
Home security THC Hydra: How to use password cracker

THC Hydra: How to use password cracker

THC Hydra password cracker: If you are dealing with its space security, then you probably haven't heard of THC Hydra. It is one of the most well known and effective password crackers while offering its users the opportunity to discover how they can protect their passwords from relevant attacks.

It's fast, flexible, and easily configurable. Unlike other password crackers, it supports a wide range of protocols such as:

  • Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP,
  • HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST,
  • HTTPS-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD,
  • HTTPS-POST, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP,
  • Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec,
  • Rlogin, Rsh, RTSP, SAP / R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1 + v2 + v3, SOCKS5,
  • SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

How to install it

The first step to install Hydra password cracker, is to download the relevant project from GitHub and compile:

$ git clone https://github.com/vanhauser-thc/thc-hydra
$ cd thc-hydra /
$ ./configure
$ make
$ Make install

In Debian / Ubuntu versions to install the required libraries run the following command:

apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \ libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \ firebird-dev libncp-dev
- Advertisement -

Instructions and related details with Hydra for Windows you can find here. Download it all archive, unzip the folder and finally run hydra.exe.

How to use it

To see all the available tool commands, type hydra in a terminal.

hydra [[[-l LOGIN | -L FILE] [-p PASS | -p FILE]] | [-C FILE]] [-e nsr] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-w TIME] [-f TIME] [-f] [-s PORT] [-x MIN: MAX: CHARSET] [-SuvV46] [service: // server [: PORT] [/ OPT]]

Examples of different commands you can run, depending on the attack protocol, can be found below:

Find a password for a specific username

As we have already mentioned, Hydra is a very powerful tool, capable of working together with different protocols. For example, if you want to crack the ftp password for a specific username, you can use dictionary attack. These attacks usually use a dictionary / dictionaries containing the passwords most frequently chosen by users, as well as a multitude of alphabet words. The -l parameter is used to declare a specific username and -p to declare the dictionary file:

hydra -l raj -P pass.txt 192.168.1.108 ftp

Find a username for a specific password

In the opposite case, where you own it password and you want to check which username (for ftp service or some other) corresponds you can use the same dictionary attack technique:

hydra -L user.txt -p 123 192.168.1.108 ftp

Find a username and password

Combined, if you want to find a username and password (for ftp service or some other) you can run the following again with the technique dictionary attack. The -L parameter activates the dictionary mode for possible usernames and -P for possible passwords.

hydra -L user.txt -P pass.txt 192.168.1.108 ftp

Save result to disk

For maintenance and reading purposes, you can record the results of the Hydra commands in a file. For this reason, use the -th parameter and then the desired file title:

hydra -L user.txt -P pass.txt 192.168.1.108 ftp -o result.txt

Continuing the attack

Many times an attack can be stopped or a block canceled, so using the -r parameter you can continue the attack by running the last failed command instead of starting at the beginning:

hydra -L user.txt -P pass.txt 192.168.1.108 ftp
hydra -R

Attack on a specific door

Network admins often change the number of one service door to another. In the previous cases where we looked at ftp service, Hydra ran the attack on the 21 door, its default door ftp.

However, by using the -s parameter you can run the attack by selecting the number of the door you want to control, not the default service door:

hydra -L user.txt -P pass.txt 192.168.1.108 ftp -s 2121

Attack on many hosts

To run dictionary attack on usernames and passwords for multiple hosts on network, select the -M parameter. This parameter allows you to set a list of multiple hosts to attack:

hydra -L user.txt -P pass.txt -M hosts.txt ftp

The -F parameter will allow you to end an attack on multiple targets only in the first match:

hydra -L user.txt -P pass.txt -M hosts.txt ftp -V -F

How did the Hydra password cracker look like? Will you try it?

stormi
Here's the crazy ones, the misfits, the rebels, the troublemakers ...

LEAVE ANSWER

Please enter your comment!
Please enter your name here

LIVE NEWS

Bill Gates: Schools open in the fall and the economy collapses

Bill Gates believes schools will be able to open in the fall, he told Becky Quick on CNBC.

OTE Group Telecommunications Museum: Educational programs and entertainment activities from home for children aged 4-12 and the whole family

Educational programs and entertainment activities for children and families, in which they can participate from home, are offered by the Group's Telecommunications Museum ...

Microsoft: The April 2020 update for Office has been released

Microsoft released the non-security updates of April 2020 for Microsoft Office, which include corrections for errors as well as improvements ...

Tesla's new Cheetah mode offers top performance

The new Cheetah mode in the Tesla S model pushes the electric car from 0 to 100 km / h faster than ...

Tails 4.5: The new, safer version has been released!

Tails 4.5: The new, safer version has been released - Tails, is a live operating system based on ...

Windows 10 feature helps to delete useless files and apps

Windows 10 will make it easier to delete useless files and apps by displaying them in a list.

Cloudflare: Stops using Google's reCAPTCHA!

Cloudflare has announced that it will stop using Google's reCAPTCHA and switch to a new bot detector that ...

Google Stadia Pro is available for free for two months! Time for video games!

The situation we are experiencing lately due to corona, is one of the most difficult situations of ...

Russia is expected to try to manipulate the 2020 elections

The report comes after election security experts remain on alert for attempts to manipulate the 2020 election by ...

COVID-19: Can it be "reactivated" in treated patients?

According to the Korean Centers for Disease Control and Prevention (KCDC), Coronavirus COVID-19 can be "reactivated" in treated patients. Indicatively, approximately ...