Aug 11, 2011

Cracking passwords with THC Hydra

If a password is no longer than 5 characters and contains only lowercase letters,
it will take less than an hour and a half to crack such a telnet password.

http://thc.org/thc-hydra/
wget http://www.thc.org/releases/hydra-6.5-src.tar.gz
tar xvzf hydra-6.5-src.tar.gz
cd hydra-6.5-src
./configure --prefix=$HOME; make; make install

[user@serverName hydra-6.5-src]$ cd
[user@serverName ~]$ hydra
Hydra v6.5 (c) 2011 by van Hauser / THC and David Maciejak - use allowed only for legal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2011-08-10 18:43:14
Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e ns]
 [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-f] [-s PORT] [-S] [-vV]
 [-4|-6] [-x MIN:MAX:CHARSET] [server service [OPT]]|[service://server[:PORT][/OPT]]

Options:
  -R        restore a previous aborted/crashed session
  -S        connect via SSL
  -s PORT   if the service is on a different default port, define it here
  -l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE
  -p PASS  or -P FILE try password PASS, or load several passwords from FILE
  -x MIN:MAX:CHARSET  password bruteforce generation, type "-x -h" to get help
  -e ns     additional checks, "n" for null password, "s" try login as pass
  -C FILE   colon separated "login:pass" format, instead of -L/-P options
  -M FILE   server list for parallel attacks, one entry per line
  -o FILE   write found login/password pairs to FILE instead of stdout
  -f        exit after the first found login/password pair (per host if -M)
  -t TASKS  run TASKS number of connects in parallel (default: 16)
  -W TIME   defines the wait time between connects for one thread in seconds
  -w TIME   defines the max wait time in seconds for responses (default: 20)
  -4 / -6   prefer IPv4 (default) or IPv6 addresses
  -v / -V   verbose mode / show login+pass combination for each attempt
  -U        service module usage details
  server    the target server (use either this OR the -M option)
  service   the service to crack. Supported protocols: cisco cisco-enable cvs ftp[s] http[s]-{head|get} http[s]-{get|post}-form http-proxy icq irc imap ldap2 ldap3[-{cram|digest}md5] mssql mysql nntp oracle-listener oracle-sid pcnfs pop3 pcanywhere rexec rlogin rsh sip smb smtp smtp-enum snmp socks5 svn teamspeak telnet vnc vmauthd xmpp
  OPT       some service modules need special input (use -U to see details)

Use HYDRA_PROXY_HTTP/HYDRA_PROXY_CONNECT and HYDRA_PROXY_AUTH env for a proxy.
Hydra is a tool to guess/crack valid login/password pairs - use allowed only
for legal purposes! If used commercially, tool name, version and web address
must be mentioned in the report. Find the newest version at http://www.thc.org/thc-hydra

Examples:
  hydra -l john -p doe 192.168.0.1 imap
  hydra -l john -p doe 192.168.0.1 imap PLAIN
  hydra -l john -p doe 192.168.0.1 imap PLAIN -s 143
  hydra -l john -p doe imap://192.168.0.1/PLAIN
  hydra -l john -p doe imap://[::FFFF:192.168.0.1]:143 -6
[user@serverName ~]$ hydra -x -h
Hydra v6.5 (c) 2011 by van Hauser / THC and David Maciejak - use allowed only for legal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2011-08-10 18:45:41
Hydra bruteforce password generation option usage:

  -x MIN:MAX:CHARSET

     MIN     is the minimum number of characters in the password
     MAX     is the maximum number of characters in the password
     CHARSET is a specification of the characters to use in the generation
             valid CHARSET values are: 'a' for lowercase letters,
             'A' for uppercase letters, '1' for numbers, and for all others,
             just add their real representation.

Examples:
   -x 3:5:a  generate passwords from length 3 to 5 with all lowercase letters
   -x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers
   -x 1:3:/  generate passwords from length 1 to 3 containing only slashes
   -x 5:5:/%,.-  generate passwords with length 5 which consists only of /%,.-

The bruteforce mode was made by Jan Dlabal, http://houbysoft.com/bfg/
[user@serverName ~]$
[user@serverName ~]$ hydra -l user -x 3:5:a localhost telnet
Hydra v6.5 (c) 2011 by van Hauser / THC and David Maciejak - use allowed only for legal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2011-08-10 18:47:10
[DATA] 16 tasks, 1 servers, 12355928 login tries (l:1/p:12355928), ~772245 tries per task
[DATA] attacking service telnet on port 23
Error: Not a TELNET protocol or service shutdown: (null)
Error: Not a TELNET protocol or service shutdown: (null)
Error: Not a TELNET protocol or service shutdown: (null)
Error: Not a TELNET protocol or service shutdown: (null)
Error: Not a TELNET protocol or service shutdown: (null)
Error: Not a TELNET protocol or service shutdown: (null)
Error: Not a TELNET protocol or service shutdown: (null)
Error: Not a TELNET protocol or service shutdown: (null)

[STATUS] 282.00 tries/min, 282 tries in 00:01h, 12355646 todo in 730:15h
The session file ./hydra.restore was written. Type "hydra -R" to resume session.
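
Added example (not part of the original post or of Hydra itself): a small Python calculator that reproduces the candidate count Hydra reports for a -x MIN:MAX:CHARSET spec and, using the rate from the [STATUS] line above, estimates how long exhausting a given password policy would take at that online guessing rate. The function names are this example's own; the character classes follow the "hydra -x -h" help text.

```python
import re
import string

# Copied from the run shown above.
STATUS_LINE = "[STATUS] 282.00 tries/min, 282 tries in 00:01h, 12355646 todo in 730:15h"

def expand_charset(charset):
    """Expand a -x CHARSET per the help text: a, A, 1 are classes, the rest literal."""
    classes = {"a": string.ascii_lowercase,
               "A": string.ascii_uppercase,
               "1": string.digits}
    chars = set()
    for ch in charset:
        chars.update(classes.get(ch, ch))
    return chars

def keyspace(spec):
    """Number of candidates generated for a MIN:MAX:CHARSET spec."""
    lo, hi, charset = spec.split(":", 2)  # CHARSET itself may contain ':'
    lo, hi = int(lo), int(hi)
    if lo < 1 or hi < lo:
        raise ValueError("need 1 <= MIN <= MAX")
    n = len(expand_charset(charset))
    return sum(n ** length for length in range(lo, hi + 1))

def parse_status(line):
    """Return (tries_per_min, done, todo) from a Hydra [STATUS] line."""
    m = re.match(r"\[STATUS\] ([\d.]+) tries/min, (\d+) tries in [\d:]+h, (\d+) todo", line)
    if not m:
        raise ValueError("not a [STATUS] line")
    return float(m.group(1)), int(m.group(2)), int(m.group(3))

def hours_to_exhaust(candidates, tries_per_min):
    """Worst-case hours to try every candidate at a fixed guessing rate."""
    return candidates / tries_per_min / 60

if __name__ == "__main__":
    rate, done, todo = parse_status(STATUS_LINE)
    # done + todo equals the total on the [DATA] line for -x 3:5:a
    print("3:5:a matches run total:", done + todo == keyspace("3:5:a"))
    # Compare the policy from the post with longer / richer policies.
    for spec in ("3:5:a", "8:8:a", "8:8:aA1", "12:12:aA1"):
        total = keyspace(spec)
        hours = hours_to_exhaust(total, rate)
        print(f"{spec:10} {total:>26,} candidates {hours:>22,.0f} h at {rate:.0f}/min")
```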
