THC-Hydra - Very Fast Network Logon Cracker - How to use
Number one of the biggest security holes are passwords, as every password security study shows. Hydra is a parallized login cracker which supports numerous protocols to attack. New modules are easy to add, beside that, it is flexible and very fast. This fast, and many will say fastest network logon cracker supports many different services. Deemed ‘The best parallelized login hacker’: for Samba, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support and is part of Nessus.Link download: THC-Hydra v8.2 Released
Install Hydra
$ cd /data/src/
$ wget http://www.thc.org/releases/hydra-8.1.tar.gz
$ tar xzvf hydra-8.1.tar.gz
$ cd hydra-8.1/
$ ./configure
$ make
$ sudo make install
If you want the ssh module, you have to setup libssh (not libssh2!) on your system, get it from http://www.libssh.org, for ssh v1 support you also need to add “-DWITH_SSH1=On” option in the cmake command line.
If you use Ubuntu/Debian, this will install supplementary libraries needed for a few optional modules:
apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev firebird2.1-dev libncp-dev
Hydra was tested and compiles on:
All UNIX platforms (linux, *bsd, solaris, etc.)
Mac OS/X
Windows with Cygwin (both IPv4 and IPv6)
Mobile systems based on Linux, Mac OS/X or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq)
apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev firebird2.1-dev libncp-devSyntax
$ hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e ns]
[-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-f] [-s PORT] [-S] [-vV]
server service [OPT]
If you just enter “hydra”, you will see a short summary of the important options available. Type “./hydra -h” to see all available command line options. For Linux users, a GTK gui is available, try “./xhydra”
Restoring an aborted session
When hydra is aborted with Control-C, killed or crashs, it leavs a “hydra.restore” file behind which contains all necessary information to restore the session. This session file is written every 5 minutes.
NOTE: the hydra.restore file can NOT be copied to a different platform (e.g. from little indian to big indian, or from solaris to aix)
How To Scan/Crack Over a Proxy
The environment variable HYDRA_PROXY_HTTP defines the web proxy (this works just for the http/www service!).
The following syntax is valid:
HYDRA_PROXY_HTTP="http://123.45.67.89:8080/"
For all other services, use the HYDRA_PROXY variable to scan/crack via by default a web proxy’s CONNECTcall. It uses the same syntax.
HYDRA_PROXY=[http|socks4|socks5]://proxy_addr:proxy_port
Example:
HYDRA_PROXY=http://proxy.anonymizer.com:8000
If you require authentication for the proxy, use the HYDRA_PROXY_AUTH environment variable:
HYDRA_PROXY_AUTH="the_login:the_password"
Currently THC-Hydra supports:
- Asterisk,
- AFP,
- Cisco AAA,
- Cisco auth,
- Cisco enable,
- CVS, Firebird,
- FTP,
- HTTP-FORM-GET,
- HTTP-FORM-POST,
- HTTP-GET,
- HTTP-HEAD,
- HTTP-PROXY,
- HTTPS-FORM-GET,
- HTTPS-FORM-POST,
- HTTPS-GET,
- HTTPS-HEAD,
- HTTP-Proxy,
- ICQ,
- IMAP,
- IRC,
- LDAP,
- MS-SQL,
- MYSQL,
- NCP,
- NNTP,
- Oracle Listener,
- Oracle SID,
- Oracle,
- PC-Anywhere,
- PCNFS,
- POP3,
- POSTGRES,
- RDP,
- Rexec,
- Rlogin,
- Rsh,
- S7-300,
- SAP/R3,
- SIP,
- SMB,
- SMTP,
- SMTP Enum,
- SNMP,
- SOCKS5,
- SSH (v1 and v2),
- Subversion,
- Teamspeak (TS2),
- Telnet,
- VMware-Auth,
- VNC and
- XMPP.
For HTTP, POP3, IMAP and SMTP, several login mechanisms like plain and MD5 digest etc. are supported.
