Dictionary attack tool thc-hydra tutorial for beginner

A very fast network login cracker with dictionary attack tool which support many different services.

Dictionary attack tool thc-hydra Description:

According to official website of thc-hydra, One of the biggest security holes are passwords, as every password security study shows. This tool is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system and different online services.

Note: THIS TOOL IS FOR LEGAL PURPOSES ONLY!

There are already several login hacker tools available, however none does Either support more than one protocol to attack or support panellized Connects.

Protocols supported by thc-hydra

Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP,  HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET,  HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP,  MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere,  PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP,  SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion,  Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

How to use hydra in Kali Linux

Thc-hydra is available in kali linux already you don’t need to install or configure it. In Kali Linux hydra available in two mode Graphical and Command line.

Graphical Interface of Hydra in Kali Linux:

Graphical interface is easy to use so let’s look on graphical interface of hydra:

  1. Open hydra-gtk Go Application > Password attacks>Online Attacks > Hydra-Gtk
    Open hydra-gtk
  2. Configure Hydra for Attack
  3. Target: there are following option are available:
    1. Single Target: Give the IP address of Single target
    2. Target List: you can upload file consist targets list.
    3. Define Port: specify port
    4. Protocol: Select protocol for attack
      configure target tab
  4. Passwords: In this tab you set the username and password and more…
    1. Username: Give the username if you know
    2. Username list: if you don’t know the username provide file location consist multiple usernames
    3. Password: This option for single password
    4. Password List: Here you provide the wordlist location
    5. Check on try login as password
    6. Check on Try empty password
    7. Check on Try reversed login
      configure passwords tab
  5. Tuning: Following options for this tab:
    1. Number Task: Repeat task
    2. Time out: configure timeout on not response
    3. Proxy: Set proxy if you are using. Or leave by default No proxy
  6. Specific: Leave default
  7. Start: Here you can start stop attack and save result
    start and result tab

Command line Interface of Hydra in Kali Linux:

As in Linux command line have their own importance and value and most of tools are available with command line interface for linux, Hydra is one of them. to know more about the hydra just execute following command

#Hydra –h

This command will show all options used with hydra command.

hydra -h

 

You have many options on how to attack with logins and passwords

With -l for login and -p for password you tell hydra that this is the only

login and/or password to try.

With -L for logins and -P for passwords you supply text files with entries.

e.g.:

hydra -l admin -p password ftp://localhost/

hydra -L default_logins.txt -p test ftp://localhost/

hydra -l admin -P common_passwords.txt ftp://localhost/

hydra -L logins.txt -P passwords.txt ftp://localhost/

Additionally, you can try passwords based on the login via the “-e” option.

The “-e” option has three parameters:

s – try the login as password

n – try an empty password

r – reverse the login and try it as password

If you want to, e.g. try “try login as password and “empty password”, you

specify “-e sn” on the command line

 

 

Source: https://www.thc.org

https://github.com/vanhauser-thc/thc-hydra

Leave a Reply

Your email address will not be published. Required fields are marked *