Merge pull request #251 from crondaemon/markdown

Change README to README.md syntax, thanks to crondaemon
This commit is contained in:
van Hauser 2017-08-18 11:37:31 +02:00 committed by GitHub
commit 8a936fe63a

@ -64,9 +64,11 @@ HOW TO COMPILE
--------------
To configure, compile and install hydra, just type:
```
./configure
make
make install
```
If you want the ssh module, you have to setup libssh (not libssh2!) on your
system, get it from http://www.libssh.org, for ssh v1 support you also need
@ -74,9 +76,13 @@ to add "-DWITH_SSH1=On" option in the cmake command line.
If you use Ubuntu/Debian, this will install supplementary libraries needed
for a few optional modules:
apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \
```
apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \
libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \
firebird2.1-dev libncp-dev
```
This enables all optional modules and features with the exception of Oracle,
SAP R/3 and the apple filing protocol - which you will need to download and
install from the vendor's web sites.
@ -90,31 +96,34 @@ and compile them manually.
SUPPORTED PLATFORMS
-------------------
All UNIX platforms (linux, *bsd, solaris, etc.)
MacOS
Windows with Cygwin (both IPv4 and IPv6)
Mobile systems based on Linux, MacOS or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq)
- All UNIX platforms (linux, *bsd, solaris, etc.)
- MacOS
- Windows with Cygwin (both IPv4 and IPv6)
- Mobile systems based on Linux, MacOS or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq)
HOW TO USE
----------
If you just enter "hydra", you will see a short summary of the important
If you just enter `hydra`, you will see a short summary of the important
options available.
Type "./hydra -h" to see all available command line options.
Type `./hydra -h` to see all available command line options.
Note that NO login/password file is included. Generate them yourself.
A default password list is however present, use "dpl4hydra.sh" to generate
a list.
For Linux users, a GTK gui is available, try "./xhydra"
For Linux users, a GTK gui is available, try `./xhydra`
For the command line usage, the syntax is as follows:
For attacking one target or a network, you can use the new "://" style:
hydra [some command line options] PROTOCOL://TARGET:PORT/OPTIONS
The old mode can be used for these too, and additionally if you want to
specify your targets from a text file, you *must* use this one:
hydra [some command line options] [-s port] TARGET PROTOCOL OPTIONS
```
hydra [some command line options] [-s port] TARGET PROTOCOL OPTIONS
```
Via the command line options you specify which logins to try, which passwords,
if SSL should be used, how many parallel tasks to use for attacking, etc.
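Review bot: the new-style syntax line `hydra [some command line options] PROTOCOL://TARGET:PORT/OPTIONS` stays as unchanged context in this hunk while the old-style line directly below it is moved into a code fence, so the two command forms will render differently; fence both. In the same section "dpl4hydra.sh" keeps its double quotes while `hydra`, `./hydra -h` and `./xhydra` are converted to backticks.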
@ -158,22 +167,27 @@ notation but use the old style and just supply the protocol (and module options)
hydra [some command line options] -M targets.txt ftp
You can supply also port for each target entry by adding ":<port>" after a
target entry in the file, e.g.:
foo.bar.com
target.com:21
unusual.port.com:2121
default.used.here.com
127.0.0.1
127.0.0.1:2121
```
foo.bar.com
target.com:21
unusual.port.com:2121
default.used.here.com
127.0.0.1
127.0.0.1:2121
```
Note that if you want to attach IPv6 targets, you must supply the -6 option
and *must* put IPv6 addresses in brackets in the file(!) like this:
foo.bar.com
target.com:21
[fe80::1%eth0]
[2001::1]
[2002::2]:8080
[2a01:24a:133:0:00:123:ff:1a]
```
foo.bar.com
target.com:21
[fe80::1%eth0]
[2001::1]
[2002::2]:8080
[2a01:24a:133:0:00:123:ff:1a]
```
LOGINS AND PASSWORDS
--------------------
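Review bot: in the context line `adding ":<port>" after a target entry`, the `<port>` placeholder sits in plain prose, where a Markdown renderer reads it as an HTML tag and can drop it from the rendered text; put it in backticks. The `hydra [some command line options] -M targets.txt ftp` line at the top of the hunk is also left outside a fence while both target lists below it are fenced.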
@ -182,45 +196,68 @@ With -l for login and -p for password you tell hydra that this is the only
login and/or password to try.
With -L for logins and -P for passwords you supply text files with entries.
e.g.:
hydra -l admin -p password ftp://localhost/
hydra -L default_logins.txt -p test ftp://localhost/
hydra -l admin -P common_passwords.txt ftp://localhost/
hydra -L logins.txt -P passwords.txt ftp://localhost/
```
hydra -l admin -p password ftp://localhost/
hydra -L default_logins.txt -p test ftp://localhost/
hydra -l admin -P common_passwords.txt ftp://localhost/
hydra -L logins.txt -P passwords.txt ftp://localhost/
```
Additionally, you can try passwords based on the login via the "-e" option.
The "-e" option has three parameters:
s - try the login as password
n - try an empty password
r - reverse the login and try it as password
```
s - try the login as password
n - try an empty password
r - reverse the login and try it as password
```
If you want to, e.g. try "try login as password and "empty password", you
specify "-e sn" on the command line.
But there are two more modes for trying passwords than -p/-P:
You can use text file which where a login and password pair is separated by a colon,
e.g.:
admin:password
test:test
foo:bar
```
admin:password
test:test
foo:bar
```
This is a common default account style listing, that is also generated by the
dpl4hydra.sh default account file generator supplied with hydra.
You use such a text file with the -C option - note that in this mode you
can not use -l/-L/-p/-P options (-e nsr however you can).
Example:
hydra -C default_accounts.txt ftp://localhost/
```
hydra -C default_accounts.txt ftp://localhost/
```
And finally, there is a bruteforce mode with the -x option (which you can not
use with -p/-P/-C):
-x minimum_length:maximum_length:charset
the charset definition is 'a' for lowercase letters, 'A' for uppercase letters,
'1' for numbers and for anything else you supply it is their real representation.
```
-x minimum_length:maximum_length:charset
```
the charset definition is `a` for lowercase letters, `A` for uppercase letters,
`1` for numbers and for anything else you supply it is their real representation.
Examples:
-x 1:3:a generate passwords from length 1 to 3 with all lowercase letters
-x 2:5:/ generate passwords from length 2 to 5 containing only slashes
-x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers
```
-x 1:3:a generate passwords from length 1 to 3 with all lowercase letters
-x 2:5:/ generate passwords from length 2 to 5 containing only slashes
-x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers
```
Example:
hydra -l ftp -x 3:3:a ftp://localhost/
```
hydra -l ftp -x 3:3:a ftp://localhost/
```
SPECIAL OPTIONS FOR MODULES
---------------------------
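Review bot: the `-e` parameters (`s`, `n`, `r`) are put in a code fence although they are option values with descriptions; a bullet list, as used for SUPPORTED PLATFORMS, would read better, and the same goes for the three `-x` examples with trailing descriptions. "-e" and "-e sn" also keep their double quotes while the charset letters further down become backticks, and the context line `try "try login as password and "empty password"` has an unbalanced quote worth fixing in the same pass.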
@ -229,19 +266,23 @@ command line option, you can pass one option to a module.
Many modules use this, a few require it!
To see the special option of a module, type:
hydra -U <module>
e.g.
./hydra -U http-post-form
The special options can be passed via the -m parameter, as 3rd command line
option or in the service://target/option format.
Examples (they are all equal):
./hydra -l test -p test -m PLAIN 127.0.0.1 imap
./hydra -l test -p test 127.0.0.1 imap PLAIN
./hydra -l test -p test imap://127.0.0.1/PLAIN
```
./hydra -l test -p test -m PLAIN 127.0.0.1 imap
./hydra -l test -p test 127.0.0.1 imap PLAIN
./hydra -l test -p test imap://127.0.0.1/PLAIN
```
RESTORING AN ABORTED/CRASHED SESSION
------------------------------------
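Review bot: `hydra -U <module>` and `./hydra -U http-post-form` remain unfenced context while the three imap examples get a fence. Outside a code span or code block, `<module>` is parsed as an HTML tag and can vanish from the rendered page, leaving only `hydra -U`; fence these two commands as well.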
@ -251,28 +292,35 @@ restore the session. This session file is written every 5 minutes.
NOTE: the hydra.restore file can NOT be copied to a different platform (e.g.
from little endian to big endian, or from solaris to aix)
HOW TO SCAN/CRACK OVER A PROXY
------------------------------
The environment variable HYDRA_PROXY_HTTP defines the web proxy (this works
just for the http services!).
The following syntax is valid:
HYDRA_PROXY_HTTP="http://123.45.67.89:8080/"
HYDRA_PROXY_HTTP="http://login:password@123.45.67.89:8080/"
HYDRA_PROXY_HTTP="proxylist.txt"
```
HYDRA_PROXY_HTTP="http://123.45.67.89:8080/"
HYDRA_PROXY_HTTP="http://login:password@123.45.67.89:8080/"
HYDRA_PROXY_HTTP="proxylist.txt"
```
The last example is a text file containing up to 64 proxies (in the same
format definition as the other examples).
For all other services, use the HYDRA_PROXY variable to scan/crack.
It uses the same syntax. eg:
HYDRA_PROXY=[connect|socks4|socks5]://[login:password@]proxy_addr:proxy_port
```
HYDRA_PROXY=[connect|socks4|socks5]://[login:password@]proxy_addr:proxy_port
```
for example:
HYDRA_PROXY=connect://proxy.anonymizer.com:8000
HYDRA_PROXY=socks4://auth:pw@127.0.0.1:1080
HYDRA_PROXY=socksproxylist.txt
```
HYDRA_PROXY=connect://proxy.anonymizer.com:8000
HYDRA_PROXY=socks4://auth:pw@127.0.0.1:1080
HYDRA_PROXY=socksproxylist.txt
```
ADDITIONAL HINTS
----------------
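Review bot: HYDRA_PROXY_HTTP in the prose line "The environment variable HYDRA_PROXY_HTTP defines the web proxy" is left bare; Markdown implementations that allow intraword emphasis will italicise the text between its underscores, so wrap it (and HYDRA_PROXY in "use the HYDRA_PROXY variable") in backticks, as was done for `hydra` and `./xhydra`. The two lead-ins "It uses the same syntax. eg:" and "for example:" now each introduce their own fence and could be tidied while these lines are being touched.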
@ -293,6 +341,7 @@ RESULTS OUTPUT
The results are output to stdio along with the other information. Via the -o
command line option, the results can also be written to a file. Using -b,
the format of the output can be specified. Currently, these are supported:
* `text` - plain text format
* `jsonv1` - JSON data using version 1.x of the schema (defined below).
* `json` - JSON data using the latest version of the schema, currently there
@ -302,7 +351,8 @@ If using JSON output, the results file may not be valid JSON if there are
serious errors in booting Hydra.
### JSON Schema
JSON Schema
-----------
Here is an example of the JSON output. Notes on some of the fields:
* `errormessages` - an array of zero or more strings that are normally printed
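Review bot: replacing `### JSON Schema` with a dash-underlined heading changes its level from h3 to h2, the same level as the dash-underlined sections such as HOW TO COMPILE and HOW TO USE, so it no longer nests under RESULTS OUTPUT. Keep `### JSON Schema` if it is meant as a subsection, or write it in upper case like the other section titles if it is meant to stand on its own.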
@ -373,6 +423,7 @@ Run against a SuSE Linux 7.2 on localhost with a "-C FILE" containing
295 entries (294 tries invalid logins, 1 valid). Every test was run three
times (only for "1 task" just once), and the average noted down.
```
P A R A L L E L T A S K S
SERVICE 1 4 8 16 32 50 64 100 128
------- --------------------------------------------------------------------
@ -380,6 +431,7 @@ telnet 23:20 5:58 2:58 1:34 1:05 0:33 0:45* 0:25* 0:55*
ftp 45:54 11:51 5:54 3:06 1:25 0:58 0:46 0:29 0:32
pop3 92:10 27:16 13:56 6:42 2:55 1:57 1:24 1:14 0:50
imap 31:05 7:41 3:51 1:58 1:01 0:39 0:32 0:25 0:21
```
(*)
Note: telnet timings can be VERY different for 64 to 128 tasks! e.g. with
@ -387,10 +439,12 @@ Note: telnet timings can be VERY different for 64 to 128 tasks! e.g. with
The reason for this is unknown...
guesses per task (rounded up):
295 74 38 19 10 6 5 3 3
295 74 38 19 10 6 5 3 3
guesses possible per connect (depends on the server software and config):
telnet 4
telnet 4
ftp 6
pop3 1
imap 3
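Review bot: the "guesses per task" row and the "guesses possible per connect" table get no code fence here, unlike the timing table just above them, so their column alignment depends on indentation alone. Only the `295 74 38 ...` row and `telnet 4` are changed while `ftp 6`, `pop3 1` and `imap 3` stay as context; if the change is to indentation, the four rows of the second table will not be formatted alike. Fencing both tables would avoid that.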
@ -406,6 +460,7 @@ vh@thc.org (and put "antispam" in the subject line)
You should use PGP to encrypt emails to vh@thc.org :
```
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v3.3.3 (vh@thc.org)
@ -471,3 +526,4 @@ zlGuZP1S6Y7S13ytiULSzTfUxJmyGYgNo+4ygh0i6Dudf9NLmV+i9aEIbLbd6bni
zB3yrr+vYBT0uDWmxwPjiJs=
=ytEf
-----END PGP PUBLIC KEY BLOCK-----
```