8 replies to this topic

[Imps2]

Have fun

Number one of the biggest security holes are passwords, as every password security study shows.
Hydra is a parallized login cracker which supports numerous protocols to attack. New modules
are easy to add, beside that, it is flexible and very fast.

Currently this tool supports:
TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, LDAP, SMB, SMBNT, MS-SQL, MYSQL, REXEC,
CVS, SNMP, SMTP-AUTH, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS, ICQ, SAP/R3,
Cisco auth, Cisco enable, Cisco AAA (incorporated in telnet module).

This tool is a proof of concept code, to give researchers and security
consultants the possiblity to show how easy it would be to gain unauthorized
access from remote to a system

Cracker


Greetz

[BeNiNuK]

nice im gonna check it out now and see if its as good as u say it is!

[myth]

SWEET

been using aout a hundred different programs for each protocol

but never had the time to look for an all-in-one

cheers

(will be used to show how weak the passwords at my work really are)

[myth]

E:\FTP Files\Hacking-Cracking etc\Brute Forcer\hydra-4.2-win\hydra-4.2-win>hydra

Hydra v4.2 [http://www.thc.org] (c) 2004 by van Hauser / THC <vh@thc.org>

Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e ns]
 [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-f] [-s PORT] [-S] [-vV]
 server service [OPT]

Options:
  -R        restore a previous aborted/crashed session
  -S        connect via SSL
  -s PORT   if the service is on a different default port, define it here
  -l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE
  -p PASS  or -P FILE try password PASS, or load several passwords from FILE
  -e ns     additional checks, "n" for null password, "s" try login as pass
  -C FILE   colon seperated "login:pass" format, instead of -L/-P options
  -M FILE   server list for parallel attacks, -T TASKS sets max tasks per host
  -o FILE   write found login/password pairs to FILE instead of stdout
  -f        exit after the first found login/password pair (per host if -M)
  -t TASKS  run TASKS number of connects in parallel (default: 16)
  -w TIME   defines the max wait time in seconds for responses (default: 30)
  -v / -V   verbose mode / show login+pass combination for each attempt
  server    the target server (use either this OR the -M option)
  service   the service to crack. Supported protocols: [telnet ftp pop3 imap smb
 smbnt http https http-proxy cisco cisco-enable ldap mssql mysql nntp vnc rexec
socks5 snmp cvs icq pcnfs sapr3 ssh2 smtp-auth]
  OPT       some service modules need special input (see README!)

Use HYDRA_PROXY_HTTP/HYDRA_PROXY_CONNECT and HYDRA_PROXY_AUTH env for a proxy.
Hydra is a tool to guess/crack valid login/password pairs - use allowed only for

legal purposes! If used commercially, name and web address must be mentioned in
the report. You can always find the newest version at http://www.thc.org

E:\FTP Files\Hacking-Cracking etc\Brute Forcer\hydra-4.2-win\hydra-4.2-win>

Those are the windows command line switches ... who needs a GUI when ya have CLI anywayz ?!?!?!

[slb33]

I can't get it to show good results for vnc on a known server and password.

All I get is the command's that I entered.

Anyone know the proper way to get the results to show in a text file?

this is what I tried:
hydra -l -P c:\pass.txt -t 4 -v -V -o hydra.txt xx.xxx.xxx.xxx vnc

[net_runner]

i use the win32 version and it's works cute for mssql, thanks for the post

[Killahbee]

well lemme take a peek then and test a bit.....thanks m8!

[Fathur Quds]

thanks... :top

[jahoor]

pls i'm bad in compiling pls past complied version here pls am using window server 2003