github/thc-hydra
1
0
Fork 0
mirror of https://github.com/vanhauser-thc/thc-hydra.git synced 2025-08-20 13:23:57 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Change REAME to README.md.

Browse source
This commit is contained in:
Dario Lombardo 2017-08-17 23:02:35 +02:00
commit a6d35e11bc
1 changed files with 114 additions and 58 deletions
Download patch file Download diff file Expand all files Collapse all files

168
README → README.md
View file

@ -64,9 +64,11 @@ HOW TO COMPILE
-------------- --------------
To configure, compile and install hydra, just type: To configure, compile and install hydra, just type:
```
./configure ./configure
make make
make install make install
```
If you want the ssh module, you have to setup libssh (not libssh2!) on your If you want the ssh module, you have to setup libssh (not libssh2!) on your
system, get it from http://www.libssh.org, for ssh v1 support you also need system, get it from http://www.libssh.org, for ssh v1 support you also need
@ -74,9 +76,13 @@ to add "-DWITH_SSH1=On" option in the cmake command line.
If you use Ubuntu/Debian, this will install supplementary libraries needed If you use Ubuntu/Debian, this will install supplementary libraries needed
for a few optional modules: for a few optional modules:
apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \
```
apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \
libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \ libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \
firebird2.1-dev libncp-dev firebird2.1-dev libncp-dev
```
This enables all optional modules and features with the exception of Oracle, This enables all optional modules and features with the exception of Oracle,
SAP R/3 and the apple filing protocol - which you will need to download and SAP R/3 and the apple filing protocol - which you will need to download and
install from the vendor's web sites. install from the vendor's web sites.
@ -90,31 +96,34 @@ and compile them manually.
SUPPORTED PLATFORMS SUPPORTED PLATFORMS
------------------- -------------------
All UNIX platforms (linux, *bsd, solaris, etc.) - All UNIX platforms (linux, *bsd, solaris, etc.)
MacOS - MacOS
Windows with Cygwin (both IPv4 and IPv6) - Windows with Cygwin (both IPv4 and IPv6)
Mobile systems based on Linux, MacOS or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq) - Mobile systems based on Linux, MacOS or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq)
HOW TO USE HOW TO USE
---------- ----------
If you just enter "hydra", you will see a short summary of the important If you just enter `hydra`, you will see a short summary of the important
options available. options available.
Type "./hydra -h" to see all available command line options. Type `./hydra -h` to see all available command line options.
Note that NO login/password file is included. Generate them yourself. Note that NO login/password file is included. Generate them yourself.
A default password list is however present, use "dpl4hydra.sh" to generate A default password list is however present, use "dpl4hydra.sh" to generate
a list. a list.
For Linux users, a GTK gui is available, try "./xhydra" For Linux users, a GTK gui is available, try `./xhydra`
For the command line usage, the syntax is as follows: For the command line usage, the syntax is as follows:
For attacking one target or a network, you can use the new "://" style: For attacking one target or a network, you can use the new "://" style:
hydra [some command line options] PROTOCOL://TARGET:PORT/OPTIONS hydra [some command line options] PROTOCOL://TARGET:PORT/OPTIONS
The old mode can be used for these too, and additionally if you want to The old mode can be used for these too, and additionally if you want to
specify your targets from a text file, you *must* use this one: specify your targets from a text file, you *must* use this one:
hydra [some command line options] [-s port] TARGET PROTOCOL OPTIONS
```
hydra [some command line options] [-s port] TARGET PROTOCOL OPTIONS
```
Via the command line options you specify which logins to try, which passwords, Via the command line options you specify which logins to try, which passwords,
if SSL should be used, how many parallel tasks to use for attacking, etc. if SSL should be used, how many parallel tasks to use for attacking, etc.
@ -158,22 +167,27 @@ notation but use the old style and just supply the protocol (and module options)
hydra [some command line options] -M targets.txt ftp hydra [some command line options] -M targets.txt ftp
You can supply also port for each target entry by adding ":<port>" after a You can supply also port for each target entry by adding ":<port>" after a
target entry in the file, e.g.: target entry in the file, e.g.:
foo.bar.com
target.com:21 ```
unusual.port.com:2121 foo.bar.com
default.used.here.com target.com:21
127.0.0.1 unusual.port.com:2121
127.0.0.1:2121 default.used.here.com
127.0.0.1
127.0.0.1:2121
```
Note that if you want to attach IPv6 targets, you must supply the -6 option Note that if you want to attach IPv6 targets, you must supply the -6 option
and *must* put IPv6 addresses in brackets in the file(!) like this: and *must* put IPv6 addresses in brackets in the file(!) like this:
foo.bar.com
target.com:21
[fe80::1%eth0]
[2001::1]
[2002::2]:8080
[2a01:24a:133:0:00:123:ff:1a]
```
foo.bar.com
target.com:21
[fe80::1%eth0]
[2001::1]
[2002::2]:8080
[2a01:24a:133:0:00:123:ff:1a]
```
LOGINS AND PASSWORDS LOGINS AND PASSWORDS
-------------------- --------------------
@ -182,45 +196,68 @@ With -l for login and -p for password you tell hydra that this is the only
login and/or password to try. login and/or password to try.
With -L for logins and -P for passwords you supply text files with entries. With -L for logins and -P for passwords you supply text files with entries.
e.g.: e.g.:
hydra -l admin -p password ftp://localhost/
hydra -L default_logins.txt -p test ftp://localhost/ ```
hydra -l admin -P common_passwords.txt ftp://localhost/ hydra -l admin -p password ftp://localhost/
hydra -L logins.txt -P passwords.txt ftp://localhost/ hydra -L default_logins.txt -p test ftp://localhost/
hydra -l admin -P common_passwords.txt ftp://localhost/
hydra -L logins.txt -P passwords.txt ftp://localhost/
```
Additionally, you can try passwords based on the login via the "-e" option. Additionally, you can try passwords based on the login via the "-e" option.
The "-e" option has three parameters: The "-e" option has three parameters:
s - try the login as password
n - try an empty password ```
r - reverse the login and try it as password s - try the login as password
n - try an empty password
r - reverse the login and try it as password
```
If you want to, e.g. try "try login as password and "empty password", you If you want to, e.g. try "try login as password and "empty password", you
specify "-e sn" on the command line. specify "-e sn" on the command line.
But there are two more modes for trying passwords than -p/-P: But there are two more modes for trying passwords than -p/-P:
You can use text file which where a login and password pair is separated by a colon, You can use text file which where a login and password pair is separated by a colon,
e.g.: e.g.:
admin:password
test:test ```
foo:bar admin:password
test:test
foo:bar
```
This is a common default account style listing, that is also generated by the This is a common default account style listing, that is also generated by the
dpl4hydra.sh default account file generator supplied with hydra. dpl4hydra.sh default account file generator supplied with hydra.
You use such a text file with the -C option - note that in this mode you You use such a text file with the -C option - note that in this mode you
can not use -l/-L/-p/-P options (-e nsr however you can). can not use -l/-L/-p/-P options (-e nsr however you can).
Example: Example:
hydra -C default_accounts.txt ftp://localhost/
```
hydra -C default_accounts.txt ftp://localhost/
```
And finally, there is a bruteforce mode with the -x option (which you can not And finally, there is a bruteforce mode with the -x option (which you can not
use with -p/-P/-C): use with -p/-P/-C):
-x minimum_length:maximum_length:charset
the charset definition is 'a' for lowercase letters, 'A' for uppercase letters, ```
'1' for numbers and for anything else you supply it is their real representation. -x minimum_length:maximum_length:charset
```
the charset definition is `a` for lowercase letters, `A` for uppercase letters,
`1` for numbers and for anything else you supply it is their real representation.
Examples: Examples:
-x 1:3:a generate passwords from length 1 to 3 with all lowercase letters
-x 2:5:/ generate passwords from length 2 to 5 containing only slashes ```
-x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers -x 1:3:a generate passwords from length 1 to 3 with all lowercase letters
-x 2:5:/ generate passwords from length 2 to 5 containing only slashes
-x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers
```
Example: Example:
hydra -l ftp -x 3:3:a ftp://localhost/
```
hydra -l ftp -x 3:3:a ftp://localhost/
```
SPECIAL OPTIONS FOR MODULES SPECIAL OPTIONS FOR MODULES
--------------------------- ---------------------------
@ -229,19 +266,23 @@ command line option, you can pass one option to a module.
Many modules use this, a few require it! Many modules use this, a few require it!
To see the special option of a module, type: To see the special option of a module, type:
hydra -U <module> hydra -U <module>
e.g. e.g.
./hydra -U http-post-form ./hydra -U http-post-form
The special options can be passed via the -m parameter, as 3rd command line The special options can be passed via the -m parameter, as 3rd command line
option or in the service://target/option format. option or in the service://target/option format.
Examples (they are all equal): Examples (they are all equal):
./hydra -l test -p test -m PLAIN 127.0.0.1 imap
./hydra -l test -p test 127.0.0.1 imap PLAIN
./hydra -l test -p test imap://127.0.0.1/PLAIN
```
./hydra -l test -p test -m PLAIN 127.0.0.1 imap
./hydra -l test -p test 127.0.0.1 imap PLAIN
./hydra -l test -p test imap://127.0.0.1/PLAIN
```
RESTORING AN ABORTED/CRASHED SESSION RESTORING AN ABORTED/CRASHED SESSION
------------------------------------ ------------------------------------
@ -251,28 +292,35 @@ restore the session. This session file is written every 5 minutes.
NOTE: the hydra.restore file can NOT be copied to a different platform (e.g. NOTE: the hydra.restore file can NOT be copied to a different platform (e.g.
from little endian to big endian, or from solaris to aix) from little endian to big endian, or from solaris to aix)
HOW TO SCAN/CRACK OVER A PROXY HOW TO SCAN/CRACK OVER A PROXY
------------------------------ ------------------------------
The environment variable HYDRA_PROXY_HTTP defines the web proxy (this works The environment variable HYDRA_PROXY_HTTP defines the web proxy (this works
just for the http services!). just for the http services!).
The following syntax is valid: The following syntax is valid:
HYDRA_PROXY_HTTP="http://123.45.67.89:8080/"
HYDRA_PROXY_HTTP="http://login:password@123.45.67.89:8080/" ```
HYDRA_PROXY_HTTP="proxylist.txt" HYDRA_PROXY_HTTP="http://123.45.67.89:8080/"
HYDRA_PROXY_HTTP="http://login:password@123.45.67.89:8080/"
HYDRA_PROXY_HTTP="proxylist.txt"
```
The last example is a text file containing up to 64 proxies (in the same The last example is a text file containing up to 64 proxies (in the same
format definition as the other examples). format definition as the other examples).
For all other services, use the HYDRA_PROXY variable to scan/crack. For all other services, use the HYDRA_PROXY variable to scan/crack.
It uses the same syntax. eg: It uses the same syntax. eg:
HYDRA_PROXY=[connect|socks4|socks5]://[login:password@]proxy_addr:proxy_port
```
HYDRA_PROXY=[connect|socks4|socks5]://[login:password@]proxy_addr:proxy_port
```
for example: for example:
HYDRA_PROXY=connect://proxy.anonymizer.com:8000
HYDRA_PROXY=socks4://auth:pw@127.0.0.1:1080
HYDRA_PROXY=socksproxylist.txt
```
HYDRA_PROXY=connect://proxy.anonymizer.com:8000
HYDRA_PROXY=socks4://auth:pw@127.0.0.1:1080
HYDRA_PROXY=socksproxylist.txt
```
ADDITIONAL HINTS ADDITIONAL HINTS
---------------- ----------------
@ -293,6 +341,7 @@ RESULTS OUTPUT
The results are output to stdio along with the other information. Via the -o The results are output to stdio along with the other information. Via the -o
command line option, the results can also be written to a file. Using -b, command line option, the results can also be written to a file. Using -b,
the format of the output can be specified. Currently, these are supported: the format of the output can be specified. Currently, these are supported:
* `text` - plain text format * `text` - plain text format
* `jsonv1` - JSON data using version 1.x of the schema (defined below). * `jsonv1` - JSON data using version 1.x of the schema (defined below).
* `json` - JSON data using the latest version of the schema, currently there * `json` - JSON data using the latest version of the schema, currently there
@ -302,7 +351,8 @@ If using JSON output, the results file may not be valid JSON if there are
serious errors in booting Hydra. serious errors in booting Hydra.
### JSON Schema JSON Schema
-----------
Here is an example of the JSON output. Notes on some of the fields: Here is an example of the JSON output. Notes on some of the fields:
* `errormessages` - an array of zero or more strings that are normally printed * `errormessages` - an array of zero or more strings that are normally printed
@ -373,6 +423,7 @@ Run against a SuSE Linux 7.2 on localhost with a "-C FILE" containing
295 entries (294 tries invalid logins, 1 valid). Every test was run three 295 entries (294 tries invalid logins, 1 valid). Every test was run three
times (only for "1 task" just once), and the average noted down. times (only for "1 task" just once), and the average noted down.
```
P A R A L L E L T A S K S P A R A L L E L T A S K S
SERVICE 1 4 8 16 32 50 64 100 128 SERVICE 1 4 8 16 32 50 64 100 128
------- -------------------------------------------------------------------- ------- --------------------------------------------------------------------
@ -380,6 +431,7 @@ telnet 23:20 5:58 2:58 1:34 1:05 0:33 0:45* 0:25* 0:55*
ftp 45:54 11:51 5:54 3:06 1:25 0:58 0:46 0:29 0:32 ftp 45:54 11:51 5:54 3:06 1:25 0:58 0:46 0:29 0:32
pop3 92:10 27:16 13:56 6:42 2:55 1:57 1:24 1:14 0:50 pop3 92:10 27:16 13:56 6:42 2:55 1:57 1:24 1:14 0:50
imap 31:05 7:41 3:51 1:58 1:01 0:39 0:32 0:25 0:21 imap 31:05 7:41 3:51 1:58 1:01 0:39 0:32 0:25 0:21
```
(*) (*)
Note: telnet timings can be VERY different for 64 to 128 tasks! e.g. with Note: telnet timings can be VERY different for 64 to 128 tasks! e.g. with
@ -387,9 +439,11 @@ Note: telnet timings can be VERY different for 64 to 128 tasks! e.g. with
The reason for this is unknown... The reason for this is unknown...
guesses per task (rounded up): guesses per task (rounded up):
295 74 38 19 10 6 5 3 3 295 74 38 19 10 6 5 3 3
guesses possible per connect (depends on the server software and config): guesses possible per connect (depends on the server software and config):
telnet 4 telnet 4
ftp 6 ftp 6
pop3 1 pop3 1
@ -406,6 +460,7 @@ vh@thc.org (and put "antispam" in the subject line)
You should use PGP to encrypt emails to vh@thc.org : You should use PGP to encrypt emails to vh@thc.org :
```
-----BEGIN PGP PUBLIC KEY BLOCK----- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v3.3.3 (vh@thc.org) Version: GnuPG v3.3.3 (vh@thc.org)
@ -471,3 +526,4 @@ zlGuZP1S6Y7S13ytiULSzTfUxJmyGYgNo+4ygh0i6Dudf9NLmV+i9aEIbLbd6bni
zB3yrr+vYBT0uDWmxwPjiJs= zB3yrr+vYBT0uDWmxwPjiJs=
=ytEf =ytEf
-----END PGP PUBLIC KEY BLOCK----- -----END PGP PUBLIC KEY BLOCK-----
```