github/thc-hydra
1
0
Fork 0
mirror of https://github.com/vanhauser-thc/thc-hydra.git synced 2025-07-06 04:51:40 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

update web link

Browse source
This commit is contained in:
van Hauser 2018-08-18 14:41:32 +02:00
parent 54bec96fb4
commit 0796c5f954
8 changed files with 149 additions and 77 deletions
Download patch file Download diff file Expand all files Collapse all files

1
CHANGES
View file

@ -3,6 +3,7 @@ Changelog for hydra
Release 8.7-dev
* New web page: https://github.com/vanhauser-thc/thc-hydra
* http-get/http-post:
- now supports H=/h= parameters same as http-form (thanks to mathewmarcus@github for the patch)
- 403/404 errors are now always registered as failed attempts

6
README
View file

@ -2,7 +2,7 @@
H Y D R A
(c) 2001-2018 by van Hauser / THC
<vh@thc.org> http://www.thc.org
<vh@thc.org> https://github.com/vanhauser-thc/thc-hydra
many modules were written by David (dot) Maciejak @ gmail (dot) com
BFG code by Jan Dlabal <dlabaljan@gmail.com>
@ -49,7 +49,7 @@ Your help in writing, enhancing or fixing modules is highly appreciated!! :-)
WHERE TO GET
------------
You can always find the newest release/production version of hydra at its
project page at https://www.thc.org/thc-hydra
project page at https://github.com/vanhauser-thc/thc-hydra/releases
If you are interested in the current development state, the public development
repository is at Github:
svn co https://github.com/vanhauser-thc/thc-hydra
@ -377,7 +377,7 @@ Version 1.00 example:
"These are very free form"
],
"generator": {
"built": "2018-01-01 14:44:22",
"built": "2018-03-01 14:44:22",
"commandline": "hydra -b jsonv1 -o results.json ... ...",
"jsonoutputversion": "1.00",
"server": "127.0.0.1",

4
README.md
View file

@ -2,7 +2,7 @@
H Y D R A
(c) 2001-2018 by van Hauser / THC
<vh@thc.org> http://www.thc.org
<vh@thc.org> https://github.com/vanhauser-thc/thc-hydra
many modules were written by David (dot) Maciejak @ gmail (dot) com
BFG code by Jan Dlabal <dlabaljan@gmail.com>
@ -49,7 +49,7 @@ Your help in writing, enhancing or fixing modules is highly appreciated!! :-)
WHERE TO GET
------------
You can always find the newest release/production version of hydra at its
project page at https://www.thc.org/thc-hydra
project page at https://github.com/vanhauser-thc/thc-hydra/releases
If you are interested in the current development state, the public development
repository is at Github:
svn co https://github.com/vanhauser-thc/thc-hydra

2
hydra-pcnfs.c
View file

@ -66,7 +66,7 @@ int32_t start_pcnfs(int32_t s, char *ip, int32_t port, unsigned char options, ch
prh->len_passwd = htonl(63);
prh->len_comments = htonl(254);
strcpy(prh->comments, " Hydra - THC password cracker - visit http://www.thc.org - use only allowed for legal purposes ");
strcpy(prh->comments, " Hydra - THC password cracker - visit https://github.com/vanhauser-thc/thc-hydra - use only allowed for legal purposes ");
strcpy(prh->name, "localhost");
ptr = prh->id;

4
hydra.c
View file

@ -1,6 +1,6 @@
/*
* hydra (c) 2001-2018 by van Hauser / THC <vh@thc.org>
* http://www.thc.org
* https://github.com/vanhauser-thc/thc-hydra
*
* Parallized network login hacker.
* Don't use in military or secret service organizations, or for illegal purposes.
@ -207,7 +207,7 @@ char *SERVICES =
#define VERSION "v8.7-dev"
#define AUTHOR "van Hauser/THC"
#define EMAIL "<vh@thc.org>"
#define RESOURCE "http://www.thc.org/thc-hydra"
#define RESOURCE "https://github.com/vanhauser-thc/thc-hydra"
extern char *hydra_strcasestr(const char *haystack, const char *needle);
extern void hydra_tobase64(unsigned char *buf, int32_t buflen, int32_t bufsize);

2
pw-inspector.c
View file

@ -8,7 +8,7 @@
#define PROGRAM "PW-Inspector"
#define VERSION "v0.2"
#define EMAIL "vh@thc.org"
#define WEB "http://www.thc.org"
#define WEB "https://github.com/vanhauser-thc/thc-hydra"
#define MAXLENGTH 256

17
web/CHANGES
View file

@ -1,7 +1,22 @@
Changelog for hydra
-------------------
Release 8.6-dev
Release 8.7-dev
* New web page: https://github.com/vanhauser-thc/thc-hydra
* http-get/http-post:
- now supports H=/h= parameters same as http-form (thanks to mathewmarcus@github for the patch)
- 403/404 errors are now always registered as failed attempts
* mysql module: a non-default port was not working, fixed
* added -w timeout support to ssh module
* fixed various memory leaks in http-form module
* corrected hydra return code to be 0 on success
* added patch from debian maintainers which fixes spellings
* fixed weird crash on x64 systems
* many warning fixes by crondaemon
Release 8.6
* added radmin2 module by catatonic prime - great work!
* smb module now checks if SMBv1 is supported by the server and if signing is required
* http-form module now supports URLs up to 6000 bytes (thanks to petrock6@github for the patch)

116
web/README
View file

@ -1,8 +1,8 @@
H Y D R A
(c) 2001-2017 by van Hauser / THC
<vh@thc.org> http://www.thc.org
(c) 2001-2018 by van Hauser / THC
<vh@thc.org> https://github.com/vanhauser-thc/thc-hydra
many modules were written by David (dot) Maciejak @ gmail (dot) com
BFG code by Jan Dlabal <dlabaljan@gmail.com>
@ -49,7 +49,7 @@ Your help in writing, enhancing or fixing modules is highly appreciated!! :-)
WHERE TO GET
------------
You can always find the newest release/production version of hydra at its
project page at https://www.thc.org/thc-hydra
project page at https://github.com/vanhauser-thc/thc-hydra/releases
If you are interested in the current development state, the public development
repository is at Github:
svn co https://github.com/vanhauser-thc/thc-hydra
@ -64,19 +64,25 @@ HOW TO COMPILE
--------------
To configure, compile and install hydra, just type:
```
./configure
make
make install
```
If you want the ssh module, you have to setup libssh (not libssh2!) on your
system, get it from http://www.libssh.org, for ssh v1 support you also need
to add "-DWITH_SSH1=On" option in the cmake command line.
If you use Ubuntu/Debian, this will install supplementary libraries needed
for a few optional modules:
for a few optional modules (note that some might not be available on your distribution):
```
apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \
libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \
firebird2.1-dev libncp-dev
firebird-dev libncp-dev
```
This enables all optional modules and features with the exception of Oracle,
SAP R/3 and the apple filing protocol - which you will need to download and
install from the vendor's web sites.
@ -90,31 +96,34 @@ and compile them manually.
SUPPORTED PLATFORMS
-------------------
All UNIX platforms (linux, *bsd, solaris, etc.)
MacOS
Windows with Cygwin (both IPv4 and IPv6)
Mobile systems based on Linux, MacOS or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq)
- All UNIX platforms (Linux, *bsd, Solaris, etc.)
- MacOS (basically a BSD clone)
- Windows with Cygwin (both IPv4 and IPv6)
- Mobile systems based on Linux, MacOS or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq)
HOW TO USE
----------
If you just enter "hydra", you will see a short summary of the important
If you just enter `hydra`, you will see a short summary of the important
options available.
Type "./hydra -h" to see all available command line options.
Type `./hydra -h` to see all available command line options.
Note that NO login/password file is included. Generate them yourself.
A default password list is however present, use "dpl4hydra.sh" to generate
a list.
For Linux users, a GTK gui is available, try "./xhydra"
For Linux users, a GTK gui is available, try `./xhydra`
For the command line usage, the syntax is as follows:
For attacking one target or a network, you can use the new "://" style:
hydra [some command line options] PROTOCOL://TARGET:PORT/OPTIONS
hydra [some command line options] PROTOCOL://TARGET:PORT/MODULE-OPTIONS
The old mode can be used for these too, and additionally if you want to
specify your targets from a text file, you *must* use this one:
hydra [some command line options] [-s port] TARGET PROTOCOL OPTIONS
```
hydra [some command line options] [-s PORT] TARGET PROTOCOL [MODULE-OPTIONS]
```
Via the command line options you specify which logins to try, which passwords,
if SSL should be used, how many parallel tasks to use for attacking, etc.
@ -122,7 +131,7 @@ if SSL should be used, how many parallel tasks to use for attacking, etc.
PROTOCOL is the protocol you want to use for attacking, e.g. ftp, smtp,
http-get or many others are available
TARGET is the target you want to attack
OPTIONS are optional values which are special per PROTOCOL module
MODULE-OPTIONS are optional values which are special per PROTOCOL module
FIRST - select your target
you have three options on how to specify the target you want to attack:
@ -147,7 +156,7 @@ FOURTH - the destination port
If you use "://" notation, you must use "[" "]" brackets if you want to supply
IPv6 addresses or CIDR ("192.168.0.0/24") notations to attack:
hydra [some command line options] ftp://[192.168.0.0/24]/
hydra [some command line options] -6 smtp://[2001:db8::1]/NTLM
hydra [some command line options] -6 smtps://[2001:db8::1]/NTLM
Note that everything hydra does is IPv4 only!
If you want to attack IPv6 addresses, you must add the "-6" command line option.
@ -158,22 +167,27 @@ notation but use the old style and just supply the protocol (and module options)
hydra [some command line options] -M targets.txt ftp
You can supply also port for each target entry by adding ":<port>" after a
target entry in the file, e.g.:
```
foo.bar.com
target.com:21
unusual.port.com:2121
default.used.here.com
127.0.0.1
127.0.0.1:2121
```
Note that if you want to attach IPv6 targets, you must supply the -6 option
and *must* put IPv6 addresses in brackets in the file(!) like this:
```
foo.bar.com
target.com:21
[fe80::1%eth0]
[2001::1]
[2002::2]:8080
[2a01:24a:133:0:00:123:ff:1a]
```
LOGINS AND PASSWORDS
--------------------
@ -182,45 +196,68 @@ With -l for login and -p for password you tell hydra that this is the only
login and/or password to try.
With -L for logins and -P for passwords you supply text files with entries.
e.g.:
```
hydra -l admin -p password ftp://localhost/
hydra -L default_logins.txt -p test ftp://localhost/
hydra -l admin -P common_passwords.txt ftp://localhost/
hydra -L logins.txt -P passwords.txt ftp://localhost/
```
Additionally, you can try passwords based on the login via the "-e" option.
The "-e" option has three parameters:
```
s - try the login as password
n - try an empty password
r - reverse the login and try it as password
```
If you want to, e.g. try "try login as password and "empty password", you
specify "-e sn" on the command line.
But there are two more modes for trying passwords than -p/-P:
You can use text file which where a login and password pair is separated by a colon,
e.g.:
```
admin:password
test:test
foo:bar
```
This is a common default account style listing, that is also generated by the
dpl4hydra.sh default account file generator supplied with hydra.
You use such a text file with the -C option - note that in this mode you
can not use -l/-L/-p/-P options (-e nsr however you can).
Example:
```
hydra -C default_accounts.txt ftp://localhost/
```
And finally, there is a bruteforce mode with the -x option (which you can not
use with -p/-P/-C):
```
-x minimum_length:maximum_length:charset
the charset definition is 'a' for lowercase letters, 'A' for uppercase letters,
'1' for numbers and for anything else you supply it is their real representation.
```
the charset definition is `a` for lowercase letters, `A` for uppercase letters,
`1` for numbers and for anything else you supply it is their real representation.
Examples:
```
-x 1:3:a generate passwords from length 1 to 3 with all lowercase letters
-x 2:5:/ generate passwords from length 2 to 5 containing only slashes
-x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers
```
Example:
```
hydra -l ftp -x 3:3:a ftp://localhost/
```
SPECIAL OPTIONS FOR MODULES
---------------------------
@ -229,19 +266,23 @@ command line option, you can pass one option to a module.
Many modules use this, a few require it!
To see the special option of a module, type:
hydra -U <module>
e.g.
./hydra -U http-post-form
The special options can be passed via the -m parameter, as 3rd command line
option or in the service://target/option format.
Examples (they are all equal):
```
./hydra -l test -p test -m PLAIN 127.0.0.1 imap
./hydra -l test -p test 127.0.0.1 imap PLAIN
./hydra -l test -p test imap://127.0.0.1/PLAIN
```
RESTORING AN ABORTED/CRASHED SESSION
------------------------------------
@ -251,28 +292,35 @@ restore the session. This session file is written every 5 minutes.
NOTE: the hydra.restore file can NOT be copied to a different platform (e.g.
from little endian to big endian, or from solaris to aix)
HOW TO SCAN/CRACK OVER A PROXY
------------------------------
The environment variable HYDRA_PROXY_HTTP defines the web proxy (this works
just for the http services!).
The following syntax is valid:
```
HYDRA_PROXY_HTTP="http://123.45.67.89:8080/"
HYDRA_PROXY_HTTP="http://login:password@123.45.67.89:8080/"
HYDRA_PROXY_HTTP="proxylist.txt"
```
The last example is a text file containing up to 64 proxies (in the same
format definition as the other examples).
For all other services, use the HYDRA_PROXY variable to scan/crack.
It uses the same syntax. eg:
```
HYDRA_PROXY=[connect|socks4|socks5]://[login:password@]proxy_addr:proxy_port
```
for example:
```
HYDRA_PROXY=connect://proxy.anonymizer.com:8000
HYDRA_PROXY=socks4://auth:pw@127.0.0.1:1080
HYDRA_PROXY=socksproxylist.txt
```
ADDITIONAL HINTS
----------------
@ -293,6 +341,7 @@ RESULTS OUTPUT
The results are output to stdio along with the other information. Via the -o
command line option, the results can also be written to a file. Using -b,
the format of the output can be specified. Currently, these are supported:
* `text` - plain text format
* `jsonv1` - JSON data using version 1.x of the schema (defined below).
* `json` - JSON data using the latest version of the schema, currently there
@ -302,7 +351,8 @@ If using JSON output, the results file may not be valid JSON if there are
serious errors in booting Hydra.
### JSON Schema
JSON Schema
-----------
Here is an example of the JSON output. Notes on some of the fields:
* `errormessages` - an array of zero or more strings that are normally printed
@ -327,7 +377,7 @@ Version 1.00 example:
"These are very free form"
],
"generator": {
"built": "2017-03-01 14:44:22",
"built": "2018-01-01 14:44:22",
"commandline": "hydra -b jsonv1 -o results.json ... ...",
"jsonoutputversion": "1.00",
"server": "127.0.0.1",
@ -373,6 +423,7 @@ Run against a SuSE Linux 7.2 on localhost with a "-C FILE" containing
295 entries (294 tries invalid logins, 1 valid). Every test was run three
times (only for "1 task" just once), and the average noted down.
```
P A R A L L E L T A S K S
SERVICE 1 4 8 16 32 50 64 100 128
------- --------------------------------------------------------------------
@ -380,6 +431,7 @@ telnet 23:20 5:58 2:58 1:34 1:05 0:33 0:45* 0:25* 0:55*
ftp 45:54 11:51 5:54 3:06 1:25 0:58 0:46 0:29 0:32
pop3 92:10 27:16 13:56 6:42 2:55 1:57 1:24 1:14 0:50
imap 31:05 7:41 3:51 1:58 1:01 0:39 0:32 0:25 0:21
```
(*)
Note: telnet timings can be VERY different for 64 to 128 tasks! e.g. with
@ -387,9 +439,11 @@ Note: telnet timings can be VERY different for 64 to 128 tasks! e.g. with
The reason for this is unknown...
guesses per task (rounded up):
295 74 38 19 10 6 5 3 3
guesses possible per connect (depends on the server software and config):
telnet 4
ftp 6
pop3 1
@ -406,6 +460,7 @@ vh@thc.org (and put "antispam" in the subject line)
You should use PGP to encrypt emails to vh@thc.org :
```
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v3.3.3 (vh@thc.org)
@ -471,3 +526,4 @@ zlGuZP1S6Y7S13ytiULSzTfUxJmyGYgNo+4ygh0i6Dudf9NLmV+i9aEIbLbd6bni
zB3yrr+vYBT0uDWmxwPjiJs=
=ytEf
-----END PGP PUBLIC KEY BLOCK-----
```