Main:
Brute-Forcing Logins on Remote Services.
Hydra: Brute-Forcing Passwords with Dictionary Attacks
1."In computer science, a brute-force search consists of systematically enumerating every possible solution of a problem until a solution is found, or all possible solutions have been exhausted."
For some reason, or another, you might be desperate for a password of a user. You might know, or not know the user's name. However, to make the chances for the brute-force to be succesful, at least, supply a username, so that all that is left is the password. Thus, increasing your probability of success to find the missing password.
Now, brute-forcing consists of three 3 different types of attacks to find the missing string we're looking for. The 3 attack types are:
a. Cryptanalysis Attacks -- Attempt to try every possible string
b. Dictionary Attacks -- Try to match the missing string with one in a dictionary file or password list.
b. Hybrid Attacks -- Both Cryptanalysis and Dictionary attack.
For learning purposes, you need to only concentrate on dictionary attacks, since brute forcing takes a VERY long time (most of the time) and demands a lot of processing speed. Also, note that Hybrid attacks might go beyond the scope of this article, so I dare NOT start I will not finish in this article.
So, say you're connected to a server, and assuming you knew the name of the username, and you want the password, a method to get that password will be done with a dictionary file and this handy-dandy tool at our disposal called "Hydra", which attemps to brute-force logins for several servers running TELNET, FTP, HTTP, etc.
For example to do this, we simply download it, install it and run it.
Ok, if the install was successful, then let's procede with running an attack on say, a server running an HTTP server that requires authentication. To do so, simply run the following commands on your shell terminal (CMD prompt):
hydra -L usernames.txt -P passwords.txt www.victim.org http
Logically, we'd put in the user's name in the usernames.txt file, and replace out dictionary file or password list with passwords.txt (you can add your own guesses to it; I'd recommend putting them at the top of the file, since it is processed from TOP to BOTTOM).
Note that for the dictionary, you download from the internet and mash them together to create even bigger ones. Or you can get a password generator or a script to output results in a file. With that method, you can control how long the strings are (that's effective when you know how long the password to be cracked is).
And finally, we put out victim's hostname there, with "http" following soon after, with a space to separate the hostname and the protocol (in this case, http).
Since, we can specify which protocol to use, why not try it with an FTP server. To do this we simply modify the command above to fit our request:
hydra -L usernames.txt -P passwords.txt ftp.victim.org ftp
So, be creative, and use it for other protocols as well, not just FTP and HTTP. We can even brute-force a telnet login, as such:
hydra -L usernames.txt -P passwords.txt telnet.victim.org telnet
Keep in mind, however, that the service you're brute-forcing needs to be running on the server, so that you, the client, can connect to it (or in this case, hammer it with a brute-force).
- netfish
Always Remember!
1: Netfish is RIGHT.
2: If {you think Netfish is WRONG} then SLAP YOURSELF, and goto the FIRST POINT.
HYDRA (download)
http://www.thehackerschoice.com/releases.php
Dictionary files (there are millions on the net):
http://www.governmentsecurity.org/forum/index.php?showtopic=81&st=0%EF%BF%BDentry13
sources:
1. en.wikipedia.org/wiki/Brute-force
1."In computer science, a brute-force search consists of systematically enumerating every possible solution of a problem until a solution is found, or all possible solutions have been exhausted."
For some reason, or another, you might be desperate for a password of a user. You might know, or not know the user's name. However, to make the chances for the brute-force to be succesful, at least, supply a username, so that all that is left is the password. Thus, increasing your probability of success to find the missing password.
Now, brute-forcing consists of three 3 different types of attacks to find the missing string we're looking for. The 3 attack types are:
a. Cryptanalysis Attacks -- Attempt to try every possible string
b. Dictionary Attacks -- Try to match the missing string with one in a dictionary file or password list.
b. Hybrid Attacks -- Both Cryptanalysis and Dictionary attack.
For learning purposes, you need to only concentrate on dictionary attacks, since brute forcing takes a VERY long time (most of the time) and demands a lot of processing speed. Also, note that Hybrid attacks might go beyond the scope of this article, so I dare NOT start I will not finish in this article.
So, say you're connected to a server, and assuming you knew the name of the username, and you want the password, a method to get that password will be done with a dictionary file and this handy-dandy tool at our disposal called "Hydra", which attemps to brute-force logins for several servers running TELNET, FTP, HTTP, etc.
For example to do this, we simply download it, install it and run it.
Ok, if the install was successful, then let's procede with running an attack on say, a server running an HTTP server that requires authentication. To do so, simply run the following commands on your shell terminal (CMD prompt):
hydra -L usernames.txt -P passwords.txt www.victim.org http
Logically, we'd put in the user's name in the usernames.txt file, and replace out dictionary file or password list with passwords.txt (you can add your own guesses to it; I'd recommend putting them at the top of the file, since it is processed from TOP to BOTTOM).
Note that for the dictionary, you download from the internet and mash them together to create even bigger ones. Or you can get a password generator or a script to output results in a file. With that method, you can control how long the strings are (that's effective when you know how long the password to be cracked is).
And finally, we put out victim's hostname there, with "http" following soon after, with a space to separate the hostname and the protocol (in this case, http).
Since, we can specify which protocol to use, why not try it with an FTP server. To do this we simply modify the command above to fit our request:
hydra -L usernames.txt -P passwords.txt ftp.victim.org ftp
So, be creative, and use it for other protocols as well, not just FTP and HTTP. We can even brute-force a telnet login, as such:
hydra -L usernames.txt -P passwords.txt telnet.victim.org telnet
Keep in mind, however, that the service you're brute-forcing needs to be running on the server, so that you, the client, can connect to it (or in this case, hammer it with a brute-force).
- netfish
Always Remember!
1: Netfish is RIGHT.
2: If {you think Netfish is WRONG} then SLAP YOURSELF, and goto the FIRST POINT.
HYDRA (download)
http://www.thehackerschoice.com/releases.php
Dictionary files (there are millions on the net):
http://www.governmentsecurity.org/forum/index.php?showtopic=81&st=0%EF%BF%BDentry13
sources:
1. en.wikipedia.org/wiki/Brute-force
Posted by 
