Hydra - Password Crack Tool

Introduction: Hydra is a tool to guess/crack valid login/password pairs. The newest version is always available at http://www.thc.org/thc-hydra

source code: git clone https://github.com/vanhauser-thc/thc-hydra.git

how to compile? ./configure make make install

install command: brew install hydra --with-libssh (不加libssh無法爆破ssh)

Supported services: asterisk cisco cisco-enable cvs ftp ftps http[s]-{head|get} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] mssql mysql(v4) nntp oracle-listener oracle-sid pcanywhere pcnfs pop3[s] rdp redis rexec rlogin rsh s7-300 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey teamspeak telnet[s] vmauthd vnc xmpp

Examples:

hydra -l user -P passlist.txt ftp://192.168.0.1

hydra -L userlist.txt -p defaultpw imap://192.168.0.1/PLAIN

hydra -C defaults.txt -6 pop3s://[2001:db8::1]:143/TLS:DIGEST-MD5

hydra -l admin -p password ftp://[192.168.0.0/24]/

hydra -L logins.txt -P pws.txt -M targets.txt ssh

hydra -l admin -P pass.txt ftp://192.168.0.87

hydra -l xavi -P pass.txt ssh://192.168.0.87

hydra -l root -P pass.txt mysql://192.168.0.87

hydra -L account.txt -P weak pass.txt ftp://192.168.0.1

ATTENTION: -L後跟文件，-l 後跟username or password

Options:

-R restore a previous aborted/crashed session

-S perform an SSL connect

-s PORT if the service is on a different default port, define it here

-l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE

-p PASS or -P FILE try password PASS, or load several passwords from FILE

-x MIN:MAX:CHARSET password bruteforce generation, type "-x -h" to get help

-e nsr try "n" null password, "s" login as pass and/or "r" reversed login

-u loop around users, not passwords (effective! implied with -x)

-C FILE colon separated "login:pass" format, instead of -L/-P options

-M FILE list of servers to attack, one entry per line, : to specify port

-o FILE write found login/password pairs to FILE instead of stdout

-f / -F exit when a login/pass pair is found (-M: -f per host, -F global)

-t TASKS run TASKS number of connects in parallel (per host, default: 16)

-w / -W TIME waittime for responses (32s) / between connects per thread

-4 / -6 prefer IPv4 (default) or IPv6 addresses

-v / -V / -d verbose mode / show login+pass for each attempt / debug mode

-q do not print messages about connection errors

-U service module usage details

server the target: DNS, IP or 192.168.0.0/24 (this OR the -M option)

service the service to crack (see below for supported protocols)

OPT some service modules support additional input (-U for module help)