Nice Brute Force Password Cracker

Full Version: Nice Brute Force Password Cracker

GovernmentSecurity.org > The Archives > Public Downloads

Imps2

Aug 7 2004, 12:37 PM

Have fun

Number one of the biggest security holes are passwords, as every password security study shows.
Hydra is a parallized login cracker which supports numerous protocols to attack. New modules
are easy to add, beside that, it is flexible and very fast.

Currently this tool supports:
TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, LDAP, SMB, SMBNT, MS-SQL, MYSQL, REXEC,
CVS, SNMP, SMTP-AUTH, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS, ICQ, SAP/R3,
Cisco auth, Cisco enable, Cisco AAA (incorporated in telnet module).

This tool is a proof of concept code, to give researchers and security
consultants the possiblity to show how easy it would be to gain unauthorized
access from remote to a system

Cracker

Greetz

BeNiNuK

Aug 7 2004, 02:09 PM

nice im gonna check it out now and see if its as good as u say it is!

myth

Aug 8 2004, 02:49 AM

SWEET

been using aout a hundred different programs for each protocol

but never had the time to look for an all-in-one

cheers

(will be used to show how weak the passwords at my work really are)

myth

Aug 8 2004, 03:04 AM

CODE

E:\FTP Files\Hacking-Cracking etc\Brute Forcer\hydra-4.2-win\hydra-4.2-win>hydra

Hydra v4.2 [http://www.thc.org] (c) 2004 by van Hauser / THC <vh@thc.org>

Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e ns]
[-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-f] [-s PORT] [-S] [-vV]
server service [OPT]

Options:
-R restore a previous aborted/crashed session
-S connect via SSL
-s PORT if the service is on a different default port, define it here
-l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE
-p PASS or -P FILE try password PASS, or load several passwords from FILE
-e ns additional checks, "n" for null password, "s" try login as pass
-C FILE colon seperated "login:pass" format, instead of -L/-P options
-M FILE server list for parallel attacks, -T TASKS sets max tasks per host
-o FILE write found login/password pairs to FILE instead of stdout
-f exit after the first found login/password pair (per host if -M)
-t TASKS run TASKS number of connects in parallel (default: 16)
-w TIME defines the max wait time in seconds for responses (default: 30)
-v / -V verbose mode / show login+pass combination for each attempt
server the target server (use either this OR the -M option)
service the service to crack. Supported protocols: [telnet ftp pop3 imap smb
smbnt http https http-proxy cisco cisco-enable ldap mssql mysql nntp vnc rexec
socks5 snmp cvs icq pcnfs sapr3 ssh2 smtp-auth]
OPT some service modules need special input (see README!)

Use HYDRA_PROXY_HTTP/HYDRA_PROXY_CONNECT and HYDRA_PROXY_AUTH env for a proxy.
Hydra is a tool to guess/crack valid login/password pairs - use allowed only for

legal purposes! If used commercially, name and web address must be mentioned in
the report. You can always find the newest version at http://www.thc.org

E:\FTP Files\Hacking-Cracking etc\Brute Forcer\hydra-4.2-win\hydra-4.2-win>

Those are the windows command line switches ... who needs a GUI when ya have CLI anywayz ?!?!?!

slb33

Aug 8 2004, 07:59 AM

I can't get it to show good results for vnc on a known server and password.

All I get is the command's that I entered.

Anyone know the proper way to get the results to show in a text file?

this is what I tried:
hydra -l -P c:\pass.txt -t 4 -v -V -o hydra.txt xx.xxx.xxx.xxx vnc

net_runner

Aug 25 2004, 05:08 PM

i use the win32 version and it's works cute for mssql, thanks for the post

Killahbee

Aug 25 2004, 05:18 PM

well lemme take a peek then and test a bit.....thanks m8!

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.