Follow us on Twitter!
Few are those who can see with their own eyes and hear with their own hearts. - Albert Einstein
Wednesday, April 23, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 22
Guests Online: 19
Members Online: 3

Registered Members: 82876
Newest Member: bhl1986
Latest Articles

Hydra: Brute-Forcing Passwords (Dictionary Attacks)

Arrow Image Brute-Forcing Logins on Remote Services.



Hydra: Brute-Forcing Passwords with Dictionary Attacks

1.\"In computer science, a brute-force search consists of systematically enumerating every possible solution of a problem until a solution is found, or all possible solutions have been exhausted.\"

For some reason, or another, you might be desperate for a password of a user. You might know, or not know the user\'s name. However, to make the chances for the brute-force to be succesful, at least, supply a username, so that all that is left is the password. Thus, increasing your probability of success to find the missing password.

Now, brute-forcing consists of three 3 different types of attacks to find the missing string we\'re looking for. The 3 attack types are:

a. Cryptanalysis Attacks -- Attempt to try every possible string
b. Dictionary Attacks -- Try to match the missing string with one in a dictionary file or password list.
b. Hybrid Attacks -- Both Cryptanalysis and Dictionary attack.

For learning purposes, you need to only concentrate on dictionary attacks, since brute forcing takes a VERY long time (most of the time) and demands a lot of processing speed. Also, note that Hybrid attacks might go beyond the scope of this article, so I dare NOT start I will not finish in this article.

So, say you\'re connected to a server, and assuming you knew the name of the username, and you want the password, a method to get that password will be done with a dictionary file and this handy-dandy tool at our disposal called \"Hydra\", which attemps to brute-force logins for several servers running TELNET, FTP, HTTP, etc.

For example to do this, we simply download it, install it and run it.


Ok, if the install was successful, then let\'s procede with running an attack on say, a server running an HTTP server that requires authentication. To do so, simply run the following commands on your shell terminal (CMD prompt):

hydra -L usernames.txt -P passwords.txt www.victim.org http

Logically, we\'d put in the user\'s name in the usernames.txt file, and replace out dictionary file or password list with passwords.txt (you can add your own guesses to it; I\'d recommend putting them at the top of the file, since it is processed from TOP to BOTTOM).

Note that for the dictionary, you download from the internet and mash them together to create even bigger ones. Or you can get a password generator or a script to output results in a file. With that method, you can control how long the strings are (that\'s effective when you know how long the password to be cracked is).

And finally, we put out victim\'s hostname there, with \"http\" following soon after, with a space to separate the hostname and the protocol (in this case, http).

Since, we can specify which protocol to use, why not try it with an FTP server. To do this we simply modify the command above to fit our request:

hydra -L usernames.txt -P passwords.txt ftp.victim.org ftp

So, be creative, and use it for other protocols as well, not just FTP and HTTP. We can even brute-force a telnet login, as such:

hydra -L usernames.txt -P passwords.txt telnet.victim.org telnet

Keep in mind, however, that the service you\'re brute-forcing needs to be running on the server, so that you, the client, can connect to it (or in this case, hammer it with a brute-force).

- netfish

Always Remember!
1: Netfish is RIGHT.
2: If {you think Netfish is WRONG} then SLAP YOURSELF, and goto the FIRST POINT.

HYDRA (download)
http://www.thehackerschoice.com/releases.php

Dictionary files (there are millions on the net):
http://www.governmentsecurity.org/forum/index.php?showtopic=81&st=0%EF%BF%BDentry13

sources:
1. en.wikipedia.org/wiki/Brute-force

Comments

mastergameron February 09 2007 - 07:46:57
Great article, however, the governmentsecurity.org download links are broken, and the hydra page is http://www.thc.or. . .
-The_Flash-on February 09 2007 - 10:51:02
Excellent article
Night_Stalkeron February 09 2007 - 18:44:35
.....................DOTS................
Night_Stalkeron February 09 2007 - 18:46:05
great articale
smack300on February 10 2007 - 01:43:23
sweet article dude, man u pump out some great stuff!
Uber0non February 13 2007 - 11:47:57
Well done B)
Legacyon November 03 2012 - 18:35:39
I Just Have One Question, I downloaded Hydra, And when i try to run the program i get a command prompt for about 2 seconds then it terminates, Any tips?
Post Comment

Sorry.

You must have completed the challenge Basic 1 and have 100 points or more, to be able to post.