Wednesday, 10 August 2011

Cracking passwords with THC Hydra

If a password is no longer than 5 characters and contains only lowercase letters,
it will take less than an hour and a half to crack such a telnet password.

http://thc.org/thc-hydra/
wget http://www.thc.org/releases/hydra-6.5-src.tar.gz
tar xvzf hydra-6.5-src.tar.gz
cd hydra-6.5-src
./configure --prefix=$HOME; make; make install

[user@serverName hydra-6.5-src]$ cd
[user@serverName ~]$ hydra
Hydra v6.5 (c) 2011 by van Hauser / THC and David Maciejak - use allowed only for legal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2011-08-10 18:43:14
Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e ns]
 [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-f] [-s PORT] [-S] [-vV]
 [-4|-6] [-x MIN:MAX:CHARSET] [server service [OPT]]|[service://server[:PORT][/OPT]]

Options:
  -R        restore a previous aborted/crashed session
  -S        connect via SSL
  -s PORT   if the service is on a different default port, define it here
  -l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE
  -p PASS  or -P FILE try password PASS, or load several passwords from FILE
  -x MIN:MAX:CHARSET  password bruteforce generation, type "-x -h" to get help
  -e ns     additional checks, "n" for null password, "s" try login as pass
  -C FILE   colon separated "login:pass" format, instead of -L/-P options
  -M FILE   server list for parallel attacks, one entry per line
  -o FILE   write found login/password pairs to FILE instead of stdout
  -f        exit after the first found login/password pair (per host if -M)
  -t TASKS  run TASKS number of connects in parallel (default: 16)
  -W TIME   defines the wait time between connects for one thread in seconds
  -w TIME   defines the max wait time in seconds for responses (default: 20)
  -4 / -6   prefer IPv4 (default) or IPv6 addresses
  -v / -V   verbose mode / show login+pass combination for each attempt
  -U        service module usage details
  server    the target server (use either this OR the -M option)
  service   the service to crack. Supported protocols: cisco cisco-enable cvs ftp[s] http[s]-{head|get} http[s]-{get|post}-form http-proxy icq irc imap ldap2 ldap3[-{cram|digest}md5] mssql mysql nntp oracle-listener oracle-sid pcnfs pop3 pcanywhere rexec rlogin rsh sip smb smtp smtp-enum snmp socks5 svn teamspeak telnet vnc vmauthd xmpp
  OPT       some service modules need special input (use -U to see details)

Use HYDRA_PROXY_HTTP/HYDRA_PROXY_CONNECT and HYDRA_PROXY_AUTH env for a proxy.
Hydra is a tool to guess/crack valid login/password pairs - use allowed only
for legal purposes! If used commercially, tool name, version and web address
must be mentioned in the report. Find the newest version at http://www.thc.org/thc-hydra

Examples:
  hydra -l john -p doe 192.168.0.1 imap
  hydra -l john -p doe 192.168.0.1 imap PLAIN
  hydra -l john -p doe 192.168.0.1 imap PLAIN -s 143
  hydra -l john -p doe imap://192.168.0.1/PLAIN
  hydra -l john -p doe imap://[::FFFF:192.168.0.1]:143 -6
[user@serverName ~]$ hydra -x -h
Hydra v6.5 (c) 2011 by van Hauser / THC and David Maciejak - use allowed only for legal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2011-08-10 18:45:41
Hydra bruteforce password generation option usage:

  -x MIN:MAX:CHARSET

     MIN     is the minimum number of characters in the password
     MAX     is the maximum number of characters in the password
     CHARSET is a specification of the characters to use in the generation
             valid CHARSET values are: 'a' for lowercase letters,
             'A' for uppercase letters, '1' for numbers, and for all others,
             just add their real representation.

Examples:
   -x 3:5:a  generate passwords from length 3 to 5 with all lowercase letters
   -x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers
   -x 1:3:/  generate passwords from length 1 to 3 containing only slashes
   -x 5:5:/%,.-  generate passwords with length 5 which consists only of /%,.-

The bruteforce mode was made by Jan Dlabal, http://houbysoft.com/bfg/
[user@serverName ~]$
[user@serverName ~]$ hydra -l user -x 3:5:a localhost telnet
Hydra v6.5 (c) 2011 by van Hauser / THC and David Maciejak - use allowed only for legal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2011-08-10 18:47:10
[DATA] 16 tasks, 1 servers, 12355928 login tries (l:1/p:12355928), ~772245 tries per task
[DATA] attacking service telnet on port 23
Error: Not a TELNET protocol or service shutdown: (null)
Error: Not a TELNET protocol or service shutdown: (null)
Error: Not a TELNET protocol or service shutdown: (null)
Error: Not a TELNET protocol or service shutdown: (null)
Error: Not a TELNET protocol or service shutdown: (null)
Error: Not a TELNET protocol or service shutdown: (null)
Error: Not a TELNET protocol or service shutdown: (null)
Error: Not a TELNET protocol or service shutdown: (null)

[STATUS] 282.00 tries/min, 282 tries in 00:01h, 12355646 todo in 730:15h
The session file ./hydra.restore was written. Type "hydra -R" to resume session.
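
The candidate count in the [DATA] line and the time estimate in the [STATUS] line follow directly from the -x spec and the observed rate. The following is an added example, not part of the original post or of Hydra: it parses MIN:MAX:CHARSET as described in the "hydra -x -h" help text and computes the keyspace and the hours needed to exhaust it, which is the calculation to run when judging a password policy or a rate limit. The function names are hypothetical, and de-duplicating the charset is an assumption of this example.

```python
import string

# CHARSET shorthand as documented in the "hydra -x -h" output above.
SHORTHAND = {
    "a": string.ascii_lowercase,
    "A": string.ascii_uppercase,
    "1": string.digits,
}


def parse_spec(spec):
    """Split MIN:MAX:CHARSET; the charset part may itself contain ':'."""
    min_s, max_s, charset = spec.split(":", 2)
    lo, hi = int(min_s), int(max_s)
    if lo < 1 or hi < lo or not charset:
        raise ValueError(f"invalid spec: {spec!r}")
    alphabet = set()  # assumption: repeated characters count once
    for ch in charset:
        # 'a', 'A' and '1' expand to a class; anything else is literal.
        alphabet.update(SHORTHAND.get(ch, ch))
    return lo, hi, alphabet


def keyspace(spec):
    """Number of candidate passwords: sum of n^k for k in MIN..MAX."""
    lo, hi, alphabet = parse_spec(spec)
    n = len(alphabet)
    return sum(n ** k for k in range(lo, hi + 1))


def hours_to_exhaust(candidates, tries_per_min):
    """Worst-case time to try every candidate at a constant rate."""
    return candidates / tries_per_min / 60


if __name__ == "__main__":
    rate = 282.0  # tries/min, taken from the [STATUS] line above
    # The first spec is the one used in the post; the others are
    # constructed here to compare longer and richer password policies.
    for spec in ("3:5:a", "5:8:A1", "8:8:aA1"):
        n = keyspace(spec)
        hrs = hours_to_exhaust(n, rate)
        print(f"-x {spec:8} {n:>22,} candidates {hrs:>18,.0f} h")
```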
