计算机网络实用工具之Hydra

简介

Hydra 是一个并行登录破解程序，支持多种协议进行攻击。它非常快速且灵活，并且很容易添加新模块。 该工具使研究人员和安全顾问能够展示远程未经授权访问系统是多么容易。

目前该工具支持以下协议：

 Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP,  HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY,  HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST,  HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MEMCACHED, MONGODB, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener,  Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, Radmin, RDP, Rexec, Rlogin,  Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5,  SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth,  VNC and XMPP.

※注意：不要用于非法目的，不要用于非授权测试，本文意在说明弱密码的不安全性

官网

GitHub - vanhauser-thc/thc-hydra: hydra

安装

# ubuntu 20.04
# 安装hydra
root@ubuntu:~# sudo apt install hydra# 安装xhydra,该软件包为 Hydra 提供基于 GTK+ 的 GUI
root@ubuntu:~# sudo apt install hydra-gtk

使用帮助

hydra

root@ubuntu:~# hydra -h
Hydra v9.0 (c) 2019 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT] [-x MIN:MAX:CHARSET] [-c TIME] [-ISOuvVd46] [service://server[:PORT][/OPT]]Options:-R        restore a previous aborted/crashed session-I        ignore an existing restore file (don't wait 10 seconds)-S        perform an SSL connect-s PORT   if the service is on a different default port, define it here-l LOGIN or -L FILE  login with LOGIN name, or load several logins from FILE-p PASS  or -P FILE  try password PASS, or load several passwords from FILE-x MIN:MAX:CHARSET  password bruteforce generation, type "-x -h" to get help-y        disable use of symbols in bruteforce, see above-e nsr    try "n" null password, "s" login as pass and/or "r" reversed login-u        loop around users, not passwords (effective! implied with -x)-C FILE   colon separated "login:pass" format, instead of -L/-P options-M FILE   list of servers to attack, one entry per line, ':' to specify port-o FILE   write found login/password pairs to FILE instead of stdout-b FORMAT specify the format for the -o FILE: text(default), json, jsonv1-f / -F   exit when a login/pass pair is found (-M: -f per host, -F global)-t TASKS  run TASKS number of connects in parallel per target (default: 16)-T TASKS  run TASKS connects in parallel overall (for -M, default: 64)-w / -W TIME  wait time for a response (32) / between connects per thread (0)-c TIME   wait time per login attempt over all threads (enforces -t 1)-4 / -6   use IPv4 (default) / IPv6 addresses (put always in [] also in -M)-v / -V / -d  verbose mode / show login+pass for each attempt / debug mode -O        use old SSL v2 and v3-q        do not print messages about connection errors-U        service module usage details-h        more command line options (COMPLETE HELP)server    the target: DNS, IP or 192.168.0.0/24 (this OR the -M option)service   the service to crack (see below for supported protocols)OPT       some service modules support additional input (-U for module help)Supported services: adam6500 asterisk cisco cisco-enable cvs firebird ftp[s] http[s]-{head|get|post} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] memcached mongodb mssql mysql nntp oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres radmin2 rdp redis rexec rlogin rpcap rsh rtsp s7-300 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak telnet[s] vmauthd vnc xmppHydra is a tool to guess/crack valid login/password pairs. Licensed under AGPL
v3.0. The newest version is always available at https://github.com/vanhauser-thc/thc-hydra
Don't use in military or secret service organizations, or for illegal purposes.
These services were not compiled in: afp ncp oracle sapr3.Use HYDRA_PROXY_HTTP or HYDRA_PROXY environment variables for a proxy setup.
E.g. % export HYDRA_PROXY=socks5://l:p@127.0.0.1:9150 (or: socks4:// connect://)% export HYDRA_PROXY=connect_and_socks_proxylist.txt  (up to 64 entries)% export HYDRA_PROXY_HTTP=http://login:pass@proxy:8080% export HYDRA_PROXY_HTTP=proxylist.txt  (up to 64 entries)Examples:hydra -l user -P passlist.txt ftp://192.168.0.1hydra -L userlist.txt -p defaultpw imap://192.168.0.1/PLAINhydra -C defaults.txt -6 pop3s://[2001:db8::1]:143/TLS:DIGEST-MD5hydra -l admin -p password ftp://[192.168.0.0/24]/hydra -L logins.txt -P pws.txt -M targets.txt ssh

dpl4hydra

root@ubuntu:~# dpl4hydra -h
dpl4hydra v0.9.9 (c) 2012 by Roland Kessler (@rokessler)Syntax: dpl4hydra [help] | [refresh] | [BRAND] | [all]This script depends on a local (d)efault (p)assword (l)ist called
/root/.dpl4hydra/dpl4hydra_full.csv. If it is not available, regenerate it with
'dpl4hydra refresh'. Source of the default password list is
http://open-sez.meOptions:help        Help: Show this messagerefresh     Refresh list: Download the full (d)efault (p)assword (l)istand generate a new local /root/.dpl4hydra/dpl4hydra_full.csv file. Takes time!BRAND       Generates a (d)efault (p)assword (l)ist from the local file/root/.dpl4hydra/dpl4hydra_full.csv, limiting the output to BRAND systems, usingthe format username:password (as required by THC hydra).The output file is called dpl4hydra_BRAND.lst.all         Dump list of all systems credentials into dpl4hydra_all.lst.Example:
# dpl4hydra linksys
File dpl4hydra_linksys.lst was created with 20 entries.
# hydra -C ./dpl4hydra_linksys.lst -t 1 192.168.1.1 http-get /index.asp

 hydra-wizard

# 向导方式执行hydra
root@ubuntu:~# man hydra-wizard
HYDRA-WIZARD(1)                                                          General Commands Manual                                                          HYDRA-WIZARD(1)NAMEHYDRA-WIZARD - Wizard to use hydra from command lineDESCRIPTIONThis script guide users to use hydra, with a simple wizard that will make the necessary questions to launch hydra from command line a fast and easily1. The wizard ask for the service to attack2. The target to attack3. The username o file with the username what use to attack4. The password o file with the passwords what use to attack5. The wizard ask if you want to test for passwords same as login, null or reverse login6. The wizard ask for the port number to attackFinally, the wizard show the resume information of attack, and ask if you want launch attackSEE ALSOhydra(1), dpl4hydra(1),AUTHORhydra-wizard was written by Shivang Desai <shivang.ice.2010@gmail.com>.This manual page was written by Daniel Echeverry <epsilon77@gmail.com>, for the Debian project (and may be used by others).

pw-inspector

# 基于已有的密码字典，按规则过滤并生成新的密码字典
root@ubuntu:~# pw-inspector
PW-Inspector v0.2 (c) 2005 by van Hauser / THC vh@thc.org [https://github.com/vanhauser-thc/thc-hydra]Syntax: pw-inspector [-i FILE] [-o FILE] [-m MINLEN] [-M MAXLEN] [-c MINSETS] -l -u -n -p -sOptions:-i FILE    file to read passwords from (default: stdin)-o FILE    file to write valid passwords to (default: stdout)-m MINLEN  minimum length of a valid password-M MAXLEN  maximum length of a valid password-c MINSETS the minimum number of sets required (default: all given)
Sets:-l         lowcase characters (a,b,c,d, etc.)-u         upcase characters (A,B,C,D, etc.)-n         numbers (1,2,3,4, etc.)-p         printable characters (which are not -l/-n/-p, e.g. $,!,/,(,*, etc.)-s         special characters - all others not withint the sets abovePW-Inspector reads passwords in and prints those which meet the requirements.
The return code is the number of valid passwords found, 0 if none was found.
Use for security: check passwords, if 0 is returned, reject password choice.
Use for hacking: trim your dictionary file to the pw requirements of the target.
Usage only allowed for legal purposes.

使用示例

从已有密码字典生成新密码字典

# 从已有密码字典中过滤出长度为5-7位的密码
root@ubuntu:~# pw-inspector -i ./passwd.list -o ./new_passwd.list -m 5 -M 7# 原密码文件
root@ubuntu:~# cat passwd.list 
1234
12345
123456
1234567
12345678
123456789# 新密码文件
root@ubuntu:~# cat new_passwd.list 
12345
123456
1234567

使用密码字典进行密码猜解

# 用户：root，密码字典：new_passwd.list，协议：ssh，目标：192.168.21.131
root@ubuntu:~# hydra -l root -P new_passwd.list ssh://192.168.21.131
Hydra v9.0 (c) 2019 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2023-12-07 13:52:39
[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4
[DATA] max 3 tasks per 1 server, overall 3 tasks, 3 login tries (l:1/p:3), ~1 try per task
[DATA] attacking ssh://192.168.21.131:22/
[22][ssh] host: 192.168.21.131   login: root   password: 123456
1 of 1 target successfully completed, 1 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2023-12-07 13:52:41

种草

本文为"计算机网络实用工具系列"的内容之一，会持续更新其它相关博文。

我的博文内容主要针对“计算机网络”、“安全”、“运维”和“云计算”方向，感兴趣朋友的请关注我，我将不定期发布新的博文并不断改进已发布博文。

后期依据大家对博文的评论，点赞及关注情况，针对大家感兴趣的内容我也会录制视频并整理出成套的学习资料免费分享给大家，期待能和大家一起交流学习。