All the great things are simple, and many can be expressed in a single word: freedom, justice, honor, duty, mercy, hope.

Wednesday, January 30, 2013

Brute-Force attack using HYDRA

What is BRUTE-FORCE attack ?


A password attack that does not attempt to decrypt any information, but continue to try different passwords. For example, a brute-force attack may have a dictionary of all words or a listing of commonly used passwords. To gain access to an account using a brute-force attack, a program tries all available words it has to gain access to the account. Another type of brute-force attack is a program that runs through all letters or letters and numbers until it gets a match.

How to install THC-hydra ?


Open your terminal & type following command

(1)sudo bash

(2)wget http://freeworld.thc.org/releases/hydra-6.3-src.tar.gz

(3)After downloading ,we are going to extract it

tar -xvf hydra-6.3-src.tar.gz

(4)tar -xvf hydra-6.3-src.tar.gz

(5)./configure && make && install

(6)make install


How to use THC-hydra?


If you are attacking FTP service then first make sure to run an nmap scan for any open FTP ports (by default it should be 21)

Now in order to brute-force a specific login form you need to define the user-name (if you don't know it include a file containing some), the word-lists directory, the service attacking and form method and the page itself.

Type following command in terminal

hydra -l admin -P /root/pass  127.0.0.1 http-post-form "/mutillidae/index.php?page=login.php:username=^USER^&password=^PASS^&login-php-submit-button=Login:Not Logged In"

hydra-bruteforce

The -l switch defines the username and the capital -L - a list of usernames for the brute-force attack (if you don't know the login).

The -p switch defines the password and the capital -P - the directory for the wordlists ( the -P is used almost always)

If we're attacking a web form over http and the method is post then we use "http-post-form" if the service is FTP simply use "ftp".

Another thing you should be aware of is that the variables username and password are not always the same. They different depending on the code.

They could be usr,pwd etc - it's not necessarily for them to be as in most cases "username" & "password". Just view the source and make sure what their names are.

Now there are a lot more options of Hydra. I'll explain some of them below no matter that they are included in the MAN page of hydra

-vV - The verbose mode. This mode shows you every login attempt hydra tries.

-s - We specify the port on which we're running our attack.

-x - For brute-force parameters generation. We define our charset and minimum & maximum length of it.

-R - Restores a previously aborted session of an attack.

-e ns - Checks for blank or no password fields.

No comments:

Post a Comment

UA-35960349-1