[Port security] Hydra password brute-forcing

0x01 About

Hydra is a very powerful brute-force tool that supports brute-forcing basically all protocols, and its error tolerance is very good.
From 2018 to 2019, the security requirements on website scripting technologies have become increasingly strict: the chance of finding a usable vulnerability such as SQL injection or XSS is small, and most sites sit behind a firewall.
However, because operations staff have weak security awareness, weak-password vulnerabilities still exist. Weak passwords are not a clever technique among penetration methods, but they still rank high among them: simple and brute-force is what they are known for.

To brute-force a port you first need a good dictionary. This post introduces hydra, which ships with Kali, but whether the brute force succeeds still depends on having a good dictionary.

0x02 common parameters

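-R: resume cracking from the previous session's progress
-S: uppercase; use an SSL connection
-s <PORT>: lowercase; specifies a non-default port
-l <LOGIN>: specify the user to crack; cracks one specific user
-L <FILE>: specify a username dictionary
-p <PASS>: lowercase; specify a single password to try; rarely used, a password dictionary is generally used instead
-P <FILE>: uppercase; specify a password dictionary
-e <ns>: optional; n: try an empty password, s: try the specified user name as the password
-C <FILE>: use a colon-separated format, for example "login:password", instead of the -L/-P parameters
-M <FILE>: specify a target list file, one entry per line
-o <FILE>: specify the output file for results
-f: after using the -M parameter, stop cracking when the first login name/password pair is found
-t <TASKS>: number of threads to run concurrently, default 16
-w <TIME>: set the maximum timeout in seconds, default 30s
-v / -V: show detailed progress
server: target IP
service: specify the service name; supported services and protocols: telnet ftp pop3[-ntlm] imap[-ntlm] smb smbnt http[s]-{head|get} http-{get|post}-form http-proxy cisco cisco-enable vnc ldap2 ldap3 mssql mysql oracle-listener postgres nntp socks5 rexec rlogin pcnfs snmp rsh cvs svn icq sapr3 ssh2 smtp-auth[-ntlm] pcanywhere teamspeak sip vmauthd firebird ncp afp and so on
OPT: optional parameters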

0x03 Use Cases

3.1 Crack SSH

hydra -L user.txt -P passwd.txt -o ssh.txt -vV -t 5 96.95.95.125 ssh

Note: -L specifies the user dictionary, -P specifies the password dictionary, -o writes successful results to the ssh.txt file, -vV shows details.

3.2 Crack FTP

hydra -L user.txt -P passwd.txt -o ftp.txt -t 5 -vV 96.96.96.126 ftp

Note: -L specifies the list of user names, -P specifies the password dictionary, -o writes the output to a file, -t specifies the number of threads, -vV shows details.

3.3 Crack remote login on 3389

hydra 96.96.95.125 -L user.txt -P passwd.txt -V rdp

0x04 password dictionary

4.1 kali default dictionary

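The most important condition for a brute force to succeed is a strong password dictionary! Kali comes with some default dictionaries under the /usr/share/wordlists directory:

dirb:

big.txt # large dictionary
small.txt # small dictionary
catala.txt # project configuration dictionary
common.txt # common dictionary
euskera.txt # data directory dictionary
extensions_common.txt # common file extension dictionary
indexes.txt # home page dictionary
mutations_common.txt # backup extensions
spanish.txt # method names or library directories
others # extension directories, default user names, etc.
stress # stress testing
vulns # vulnerability testing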

4.2 Metasploit integrated dictionary

Metasploit ships various types of dictionaries in the /usr/share/wordlists/metasploit directory.

4.3 Other dictionaries

Although the dictionaries integrated into Kali contain a lot of entries, they have been public for many years, and I believe any security-conscious company will not be using most of these passwords.

4.3.1 So a good dictionary still has to be gathered slowly over time; here I share a dictionary I often use:

Link: https://pan.baidu.com/s/1aXoTqXxyyy5L-wOjeI85rQ extraction code: mw5q

4.3.2 And here is a set of dictionaries from Gangster Pig Man:

Link: https://pan.baidu.com/s/1J2jU2VMKT3t1Au6_bJU8rA extraction code: 9jv8

Reference link:

https://blog.csdn.net/qq_36119192/article/details/84325850

Origin www.cnblogs.com/-mo-/p/11291724.html