NetSec

Ramblings of a NetSec addict

  • Ramblings
    • OSCP Review
    • OSCE Review
    • So you want to be a Hacker?
    • InfoSec Topics
  • Tutorials
    • Simple Buffer Overflows
    • Converting Metasploit Module to Stand Alone
  • Hacking Snippets
    • Basic Information
      • Spawning a TTY Shell
      • Finding Public Exploits
    • Metasploit
      • Creating Metasploit Payloads
    • Passwords
      • Cracking Network Passwords (Hydra)
      • Generating Wordlists
      • Identifying Hashes (Hash Identifier)
      • Cracking Hashes (oclHashcat)
      • Obtaining Windows Passwords
    • Privilege Escalation
      • Linux Privilege Escalation Scripts
    • Port Redirection
      • Port Redirection with Rinetd
      • Dynamic Port Forwarding (SSH)
      • Remote Port Forwarding (SSH)
      • Local Port Forwarding (SSH)
      • Port Forwarding with Metasploit
    • Tools
      • Netcat
  • OS Tips
    • Linux
      • Simple Linux Commands
    • Windows
      • Simple Windows Commands
    • Programs
      • Remote Desktop (rdesktop)
      • Fixing Metasploit Slow Search
      • Encoding / Decoding Base64
  • Programming
    • Python Snippets
      • Multi-Threaded Brute Forcer
      • Writing Shellcode to a File
    • Programs
  • Peach Pits
    • FTP
      • Fuzz Username / Password
      • Fuzz FTP Commands
  • Vulnerable VMs
    • Walkthroughs
      • pWnOS 2.0

Cracking Network Passwords (Hydra)

Peleus

Often you may wish to obtain access to a service or password protected area on a network. Examples of this may be trying to log into a ssh service, RDP, http-get (i.e. what your router pops up with), etc. There a multitude of tools that will allow you to perform these password attacks, hydra, medusa and ncrack are popular examples. Some tools may cope with certain protocols better than others, but hydra has become a staple tool in my arsenal. You have the choice of nominating a single host name, then cycling through a password list; nominating a username list and testing a password, or a combination of both username lists and password lists.

Tool
hydra

Basic Syntax

hydra -l/-L <user name / user list> -p/-P <password / password list> <protocol://hostname>

hydra -l/-L <user name / user list> -p/-P <password / password list> <protocol://hostname>

Break Down
-l/-L : Only one of these is needed. Little l is for nominating a single username, capital is for a username list
-p/-P : Only one of these is needed again. Little p for a single password, capital p for a password list.
<protocol://hostname> : This specifies the target and protocol. For example cracking ssh on 192.168.1.1 would be ssh://192.168.1.1, while ftp on 10.1.2.3 would be ftp://10.1.2.3

Example

hydra -l bob -P /usr/share/wordlists/rockyou.txt ssh://192.168.1.15  # Cycle through a wordlist trying to log in as bob over ssh on 192.168.1.1
hydra -L usernames.txt -p password  192.168.1.1 http-get / -s 80   # Cycle through a list of usernames and try and log into the router at http://192.168.1.1:80/ with the password 'password'

hydra -l bob -P /usr/share/wordlists/rockyou.txt ssh://192.168.1.15 # Cycle through a wordlist trying to log in as bob over ssh on 192.168.1.1 hydra -L usernames.txt -p password 192.168.1.1 http-get / -s 80 # Cycle through a list of usernames and try and log into the router at http://192.168.1.1:80/ with the password 'password'

Advanced Reading
Hydra can do a lot more than mentioned here. Ton’s more protocols are also supported (although some like RDP aren’t that great to try and brute force). Options like the ‘C’ flag allow you to use username:password combinations. https-post protocols allows you to target forms embedded in websites, etc.

Filed Under: Passwords Tagged With: cracking, hydra, network passwords

Copyright © 2022 · Genesis Sample on Genesis Framework · WordPress · Log in