{"id":200,"date":"2020-06-12T22:37:24","date_gmt":"2020-06-12T14:37:24","guid":{"rendered":"https:\/\/byy3.com\/?p=200"},"modified":"2020-06-12T22:38:45","modified_gmt":"2020-06-12T14:38:45","slug":"200","status":"publish","type":"post","link":"https:\/\/byy3.com\/?p=200","title":{"rendered":"Hydra"},"content":{"rendered":"\n

Penetration Testing Tools<\/h2>\n\n\n\n
You are here: Home<\/a> \u00bb Password Attacks<\/a> \u00bb Hydra<\/p>\n\n\n\n

Hydra Description<\/h2>\n\n\n\n
A very fast network logon cracker which support many different services.<\/p>\n\n\n\n
Currently this tool supports the following protocols: Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, RTSP, SAP\/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.<\/p>\n\n\n\n
Homepage: https:\/\/www.thc.org\/thc-hydra\/<\/a><\/p>\n\n\n\n
Author: Van Hauser, Roland Kessler<\/p>\n\n\n\n
License: AGPL-3.0<\/p>\n\n\n\n

Hydra Help<\/h2>\n\n\n\n
Syntax: <\/p>\n\n\n\n
1<\/td> hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT] [-x MIN:MAX:CHARSET] [-SOuvVd46] [service:<\/code>\/\/server<\/code>[:PORT][<\/code>\/OPT<\/code>]]<\/code><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\nOptions:<\/p>\n\n\n\n 12345678910111213141516171819202122232425262728<\/td> -R restore a previous aborted\/crashed session<\/code>-S perform an SSL connect<\/code>-s PORT if the service is on a different default port, define it here<\/code>-l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE<\/code>-p PASS or -P FILE try password PASS, or load several passwords from FILE<\/code>-x MIN:MAX:CHARSET password bruteforce generation, type \"-x -h\" to get help<\/code>-e nsr try \"n\" null password, \"s\" login as pass and\/or \"r\" reversed login<\/code>-u loop around users, not passwords (effective! implied with -x)<\/code>-C FILE colon separated \"login:pass\" format, instead of -L\/-P options<\/code>-M FILE list of servers to attack, one entry per line, ':' to specify port<\/code>-o FILE write found login\/password pairs to FILE instead of stdout<\/code>-f \/ -F exit when a login\/pass pair is found (-M: -f per host, -F global)<\/code>-t TASKS run TASKS number of connects in parallel (per host, default: 16)<\/code>-w \/ -W TIME waittime for responses (32) \/ between connects per thread (0)<\/code>-4 \/ -6 use IPv4 (default) \/ IPv6 addresses (put always in [] also in -M)<\/code>-v \/ -V \/ -d verbose mode \/ show login+pass for each attempt \/ debug mode <\/code>-O use old SSL v2 and v3<\/code>-q do not print messages about connection errors<\/code>-U service module usage details<\/code>server the target: DNS, IP or 192.168.0.0\/24 (this OR the -M option)<\/code>service the service to crack (see below for supported protocols)<\/code>OPT some service modules support additional input (-U for module help)<\/code> Use HYDRA_PROXY_HTTP or HYDRA_PROXY - and if needed HYDRA_PROXY_AUTH - environment for a proxy setup.<\/code>E.g.: % export HYDRA_PROXY=socks5:\/\/127.0.0.1:9150 (or socks4:\/\/ or connect:\/\/)<\/code>% export HYDRA_PROXY_HTTP=http:\/\/proxy:8080<\/code>% export HYDRA_PROXY_AUTH=user:pass<\/code><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\nHydra bruteforce password generation option usage:<\/strong><\/p>\n\n\n\n 12345678<\/td> -x MIN:MAX:CHARSET<\/code> MIN is the minimum number of characters in the password<\/code>MAX is the maximum number of characters in the password<\/code>CHARSET is a specification of the characters to use in the generation<\/code>valid CHARSET values are: 'a' for lowercase letters,<\/code>'A' for uppercase letters, '1' for numbers, and for all others,<\/code>just add their real representation.<\/code><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\nExamples:<\/p>\n\n\n\n 1234<\/td> -x 3:5:a generate passwords from length 3 to 5 with all lowercase letters<\/code>-x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers<\/code>-x 1:3:\/ generate passwords from length 1 to 3 containing only slashes<\/code>-x 5:5:\/%,.- generate passwords with length 5 which consists only of \/%,.-<\/code><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\nHydra Supported Protocols<\/h2>\n\n\n\nSupported protocols:<\/p>\n\n\n\n asterisk<\/li> afp<\/li> cisco<\/li> cisco-enable<\/li> cvs<\/li> firebird<\/li> ftp<\/li> ftps<\/li> http-head<\/li> https-head<\/li> http-get<\/li> https-get<\/li> http-post<\/li> https-post<\/li> http-get-form<\/li> https-get-form<\/li> http-post-form<\/li> https-post-form<\/li> http-proxy<\/li> http-proxy-urlenum<\/li> icq<\/li> imap<\/li> imaps<\/li> irc<\/li> ldap2<\/li> ldap2s<\/li> ldap3<\/li> ldap3s<\/li> ldap3-crammd5<\/li> ldap3-crammd5s<\/li> ldap3-digestmd5<\/li> ldap3-digestmd5s<\/li> mssql<\/li> mysql<\/li> nntp<\/li> oracle-listener<\/li> oracle-sid<\/li> pcanywhere<\/li> pcnfs<\/li> pop3<\/li> pop3s<\/li> postgres<\/li> rdp<\/li> redis<\/li> rexec<\/li> rlogin<\/li> rsh<\/li> rtsp<\/li> s7-300<\/li> sip<\/li> smb<\/li> smtp<\/li> smtps<\/li> smtp-enum<\/li> snmp<\/li> socks5<\/li> ssh<\/li> sshkey<\/li> svn<\/li> teamspeak<\/li> telnet<\/li> telnets<\/li> vmauthd<\/li> vnc<\/li> xmpp<\/li><\/ul>\n\n\n\nOptions of Hydra Supported protocols<\/h2>\n\n\n\ncisco<\/strong><\/p>\n\n\n\n Module cisco is optionally taking the keyword ENTER, it then sends an initial ENTER when connecting to the service.<\/p>\n\n\n\n cisco-enable<\/strong><\/p>\n\n\n\n Module cisco-enable is optionally taking the logon password for the cisco device<\/p>\n\n\n\n Note: if AAA authentication is used, use the -l option for the username and the optional parameter for the password of the user.<\/p>\n\n\n\n Examples:<\/p>\n\n\n\n 123<\/td> hydra -P pass.txt target cisco-<\/code>enable<\/code> (direct console access)<\/code>hydra -P pass.txt -m cisco target cisco-<\/code>enable<\/code> (Logon password cisco)<\/code>hydra -l foo -m bar -P pass.txt target cisco-<\/code>enable<\/code> (AAA Login foo, password bar)<\/code><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\ncvs<\/strong><\/p>\n\n\n\n Module cvs is optionally taking the repository name to attack, default is \"\/root\"<\/p>\n\n\n\n firebird<\/strong><\/p>\n\n\n\n Module firebird is optionally taking the database path to attack, default is \"C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb\"<\/p>\n\n\n\n http-get, https-get, http-post, https-post<\/strong><\/p>\n\n\n\n Module http-get requires the page to authenticate.<\/p>\n\n\n\n For example: \"\/secret\" or \"http:\/\/bla.com\/foo\/bar\" or \"https:\/\/test.com:8080\/members\"<\/p>\n\n\n\n http-get-form, https-get-form, http-post-form, https-post-form<\/strong><\/p>\n\n\n\n Module http-get-form requires the page and the parameters for the web form.<\/p>\n\n\n\n By default this module is configured to follow a maximum of 5 redirections in a row. It always gathers a new cookie from the same URL without variables The parameters take three \":\" separated values, plus optional values. <\/p>\n\n\n\n (Note: if you need a colon in the option string as value, escape it with \"\\:\", but do not escape a \"\\\" with \"\\\\\".)<\/p>\n\n\n\n Syntax: <\/p>\n\n\n\n 1<\/td> <url>:<form parameters>:<condition string>[:<optional>[:<optional>]<<\/code>\/optional<\/code>><<\/code>\/optional<\/code>><\/code><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\nFirst is the page on the server to GET or POST to (URL).<\/li> Second is the POST\/GET variables (taken from either the browser, proxy, etc. with usernames and passwords being replaced in the \"^USER^\" and \"^PASS^\" placeholders (FORM PARAMETERS)<\/li> Third is the string that it checks for an invalid login (by default). Invalid condition login check can be preceded by \"F=\", successful condition login check must be preceded by \"S=\". This is where most people get it wrong. You have to check the webapp what a failed string looks like and put it in this parameter!<\/li><\/ul>\n\n\n\nThe following parameters are optional:<\/p>\n\n\n\n C=\/page\/uri <\/p>\n\n\n\n to define a different page to gather initial cookies from<\/p>\n\n\n\n (h|H)=My-Hdr\\: foo <\/p>\n\n\n\n to send a user defined HTTP header with each request<\/p>\n\n\n\n ^USER^ and ^PASS^ can also be put into these headers!<\/p>\n\n\n\n Note: 'h<\/strong>' will add the user-defined header at the end regardless it's already being sent by Hydra or not. <\/p>\n\n\n\n 'H<\/strong>' will replace the value of that header if it exists, by the one supplied by the user, or add the header at the end.<\/p>\n\n\n\n Note that if you are going to put colons (:) in your headers you should escape them with a backslash (\\). All colons that are not option separators should be escaped (see the examples above and below).<\/p>\n\n\n\n You can specify a header without escaping the colons, but that way you will not be able to put colons in the header value itself, as they will be interpreted by hydra as option separators.<\/p>\n\n\n\n Examples:<\/p>\n\n\n\n 12345<\/td> \"\/login.php:user=^USER^&pass=^PASS^:incorrect\"<\/code>\"\/login.php:user=^USER^&pass=^PASS^&colon=colon\\:escape:S=authlog=.success\"<\/code>\"\/login.php:user=^USER^&pass=^PASS^&mid=123:authlog=.failed\"<\/code>\"\/:user=^USER&pass=^PASS^:failed:H=Authorization\\: Basic dT1w:H=Cookie\\: sessid=aaaa:h=X-User\\: ^USER^\"<\/code>\"\/exchweb\/bin\/auth\/owaauth.dll:destination=http%3A%2F%2F<target>%2Fexchange&flags=0&username=<domain>%5C^USER^&password=^PASS^&SubmitCreds=x&trusted=0:reason=:C=\/exchweb\"<\/code><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\nhttp-proxy<\/strong><\/p>\n\n\n\n Module http-proxy is optionally taking the page to authenticate at.<\/p>\n\n\n\n Default is http:\/\/www.microsoft.com\/)<\/p>\n\n\n\n Basic, DIGEST-MD5 and NTLM are supported and negotiated automatically.<\/p>\n\n\n\n http-proxy-urlenum<\/strong><\/p>\n\n\n\n Module http-proxy-urlenum only uses the -L<\/strong> option, not -x<\/strong> or -p\/-P<\/strong> option. The -L<\/strong> loginfile must contain the URL list to try through the proxy. The proxy credentials cann be put as the optional parameter, e.g.<\/p>\n\n\n\n 12<\/td> hydra -L urllist.txt -s 3128 target.com http-proxy-urlenum user:pass<\/code>hydra -L urllist.txt http-proxy-urlenum:<\/code>\/\/target<\/code>.com:3128<\/code>\/user<\/code>:pass<\/code><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\nimap, imaps<\/strong><\/p>\n\n\n\n Module imap is optionally taking one authentication type of: CLEAR or APOP (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1, CRAM-SHA256, DIGEST-MD5, NTLM<\/p>\n\n\n\n Additionally TLS encryption via STARTTLS can be enforced with the TLS option.<\/p>\n\n\n\n Example: imap:\/\/target\/TLS:PLAIN<\/p>\n\n\n\n irc<\/strong><\/p>\n\n\n\n Module irc is optionally taking the general server password, if the server is requiring one and none is passed the password from -p\/-P<\/strong> will be used<\/p>\n\n\n\n ldap2, ldap2s, ldap3, ldap3s, ldap3-crammd5, ldap3-crammd5s, ldap3-digestmd5, ldap3-digestmd5s<\/strong><\/p>\n\n\n\n Module ldap2 is optionally taking the DN (depending of the auth method choosed<\/p>\n\n\n\n Note: you can also specify the DN as login when Simple auth method is used).<\/p>\n\n\n\n The keyword \"^USER^\" is replaced with the login.<\/p>\n\n\n\n Special notes for Simple method has 3 operation modes: anonymous, (no user no pass), unauthenticated (user but no pass), user\/pass authenticated (user and pass).<\/p>\n\n\n\n So don't forget to set empty string as user\/pass to test all modes.<\/p>\n\n\n\n Hint: to authenticate to a windows active directy ldap, this is usually cn=^USER^,cn=users,dc=foo,dc=bar,dc=com for domain foo.bar.com<\/strong><\/p>\n\n\n\n mysql<\/strong><\/p>\n\n\n\n Module mysql is optionally taking the database to attack, default is \"mysql\"<\/p>\n\n\n\n nntp<\/strong><\/p>\n\n\n\n Module nntp is optionally taking one authentication type of: USER (default), LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, NTLM<\/p>\n\n\n\n oracle-listener<\/strong><\/p>\n\n\n\n Module oracle-listener \/ tns is optionally taking the mode the password is stored as, could be PLAIN (default) or CLEAR<\/p>\n\n\n\n pop3, pop3s<\/strong><\/p>\n\n\n\n Module pop3 is optionally taking one authentication type of: CLEAR (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1, CRAM-SHA256, DIGEST-MD5, NTLM.<\/p>\n\n\n\n Additionally TLS encryption via STLS can be enforced with the TLS option.<\/p>\n\n\n\n Example: pop3:\/\/target\/TLS:PLAIN<\/p>\n\n\n\n postgres<\/strong><\/p>\n\n\n\n Module postgres is optionally taking the database to attack, default is \"template1\"<\/p>\n\n\n\n rdp<\/strong><\/p>\n\n\n\n Module rdp is optionally taking the windows domain name.<\/p>\n\n\n\n For example:<\/p>\n\n\n\n 1<\/td> hydra rdp:<\/code>\/\/192<\/code>.168.0.1<\/code>\/firstdomainname<\/code> -l john -p doe<\/code><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\ns7-300<\/strong><\/p>\n\n\n\n Module S7-300 is for a special Siemens PLC. It either requires only a password or no authentication, so just use the -p<\/strong> or -P<\/strong> option.<\/p>\n\n\n\n smb<\/strong><\/p>\n\n\n\n Module smb default value is set to test both local and domain account, using a simple password with NTLM dialect.<\/p>\n\n\n\n Note: you can set the group type using LOCAL or DOMAIN keyword or other_domain:{value} to specify a trusted domain.<\/p>\n\n\n\n You can set the password type using HASH or MACHINE keyword (to use the Machine's NetBIOS name as the password).<\/p>\n\n\n\n You can set the dialect using NTLMV2, NTLM, LMV2, LM keyword.<\/p>\n\n\n\n Example: <\/p>\n\n\n\n 123<\/td> hydra smb:<\/code>\/\/microsoft<\/code>.com -l admin -p tooeasy -m <\/code>\"local lmv2\"<\/code>hydra smb:<\/code>\/\/microsoft<\/code>.com -l admin -p D5731CFC6C2A069C21FD0D49CAEBC9EA:2126EE7712D37E265FD63F2C84D2B13D::: -m <\/code>\"local hash\"<\/code>hydra smb:<\/code>\/\/microsoft<\/code>.com -l admin -p tooeasy -m <\/code>\"other_domain:SECONDDOMAIN\"<\/code><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\nsmtp, smtps<\/strong><\/p>\n\n\n\n Module smtp is optionally taking one authentication type of: LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, NTLM<\/p>\n\n\n\n Additionally TLS encryption via STARTTLS can be enforced with the TLS option.<\/p>\n\n\n\n Example: smtp:\/\/target\/TLS:PLAIN<\/p>\n\n\n\n smtp-enum<\/strong><\/p>\n\n\n\n Module smtp-enum is optionally taking one SMTP command of: VRFY (default), EXPN, RCPT (which will connect using \"root\" account) login parameter is used as username and password parameter as the domain name<\/p>\n\n\n\n For example to test if john@localhost exists on 192.168.0.1:<\/p>\n\n\n\n 1<\/td> hydra smtp-enum:<\/code>\/\/192<\/code>.168.0.1<\/code>\/vrfy<\/code> -l john -p localhost<\/code><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\nsnmp<\/strong><\/p>\n\n\n\n Module snmp is optionally taking the following parameters:<\/p>\n\n\n\n 12345678910111213<\/td> READ perform read requests (default)<\/code>WRITE perform write requests<\/code>1 use SNMP version 1 (default)<\/code>2 use SNMP version 2<\/code>3 use SNMP version 3<\/code>Note that SNMP version 3 usually uses both login and passwords!<\/code>SNMP version 3 has the following optional sub parameters:<\/code>MD5 use MD5 authentication (default)<\/code>SHA use SHA authentication<\/code>DES use DES encryption<\/code>AES use AES encryption<\/code>if no -p\/-P parameter is given, SNMPv3 noauth is performed, which<\/code>only requires a password (or username) not both.<\/code><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\nTo combine the options, use colons (\":\"), e.g.:<\/p>\n\n\n\n 12<\/td> hydra -L user.txt -P pass.txt -m 3:SHA:AES:READ target.com snmp<\/code>hydra -P pass.txt -m 2 target.com snmp<\/code><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\nsshkey<\/strong><\/p>\n\n\n\n Module sshkey does not provide additional options, although the semantic for options -p<\/strong> and -P<\/strong> is changed:<\/p>\n\n\n\n -p expects a path to an unencrypted private key in PEM format.<\/li> -P expects a filename containing a list of path to some unencrypted private keys in PEM format.<\/li><\/ul>\n\n\n\nsvn<\/strong><\/p>\n\n\n\n Module svn is optionally taking the repository name to attack, default is \"trunk\"<\/p>\n\n\n\n telnet, telnets<\/strong><\/p>\n\n\n\n Module telnet is optionally taking the string which is displayed after a successful login (case insensitive), use if the default in the telnet module produces too many false positives<\/p>\n\n\n\n xmpp<\/strong><\/p>\n\n\n\n Module xmpp is optionally taking one authentication type of: LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1<\/p>\n\n\n\n Note, the target passed should be a fdqn as the value is used in the Jabber init request, example: hermes.jabber.org<\/p>\n\n\n\n Hydra Usage Example <\/h2>\n\n\n\nAttempt to login as the root user (-l root)<\/strong><\/em> using a password list (-P \/usr\/share\/wordlists\/metasploit\/unix_passwords.txt)<\/strong><\/em> with 6 threads (-t 6)<\/strong><\/em> on the given SSH server (ssh:\/\/192.168.1.123)<\/strong><\/em>:<\/p>\n\n\n\n 123456<\/td> hydra -l root -P <\/code>\/usr\/share\/wordlists\/metasploit\/unix_passwords<\/code>.txt -t 6 <\/code>ssh<\/code>:<\/code>\/\/192<\/code>.168.1.123<\/code>Hydra v7.6 (c)2013 by van Hauser<\/code>\/THC<\/code> & David Maciejak - <\/code>for<\/code> legal purposes only<\/code> Hydra (http:<\/code>\/\/www<\/code>.thc.org<\/code>\/thc-hydra<\/code>) starting at 2014-05-19 07:53:33<\/code>[DATA] 6 tasks, 1 server, 1003 login tries (l:1<\/code>\/p<\/code>:1003), ~167 tries per task<\/code>[DATA] attacking service <\/code>ssh<\/code> on port 22<\/code><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\nAttempt to login as the user (-l user)<\/strong><\/em> using a password list (-P passlist.txt)<\/strong><\/em> on the given FTP server (ftp:\/\/192.168.0.1)<\/strong><\/em>:<\/p>\n\n\n\n 1<\/td> hydra -l user -P passlist.txt <\/code>ftp<\/code>:<\/code>\/\/192<\/code>.168.0.1<\/code><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\nAttempt to login on the given SSH servers (ssh)<\/strong><\/em> from the list (-M targets.txt)<\/strong><\/em> using a user list (-L logins.txt)<\/strong><\/em> and password list (-P pws.txt)<\/strong><\/em>:<\/p>\n\n\n\n 1<\/td> hydra -L logins.txt -P pws.txt -M targets.txt <\/code>ssh<\/code><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\nAttempt to login on the given FTP servers on the given subnet (ftp:\/\/[192.168.0.0\/24]\/)<\/strong><\/em> as the user admin (-l admin)<\/strong><\/em> and the password password (-p password)<\/strong><\/em>:<\/p>\n\n\n\n 1<\/td> hydra -l admin -p password <\/code>ftp<\/code>:<\/code>\/\/<\/code>[192.168.0.0<\/code>\/24<\/code>]\/<\/code><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\nAttempt to login on the given mail server (imap:\/\/192.168.0.1\/)<\/strong><\/em>, using IMAP protocol with a user list (-L userlist.txt)<\/strong><\/em> and the password defaultpw (-p defaultpw)<\/strong><\/em>, taking the authentication type PLAIN:<\/p>\n\n\n\n 1<\/td> hydra -L userlist.txt -p defaultpw imap:<\/code>\/\/192<\/code>.168.0.1<\/code>\/PLAIN<\/code><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\nAttempt to login on the given mail server using POP3S on the given IPv6 (-6)<\/strong><\/em> address 2001:db8::1<\/strong><\/em>, on port 143<\/strong><\/em> using the credential list \"login:password\" from the defaults.txt file (-C defaults.txt)<\/strong><\/em> taking the authentication type DIGEST-MD5<\/strong><\/em> and enforced TLS encryption via STLS (TLS)<\/strong><\/em>.<\/p>\n\n\n\n 1<\/td> hydra -C defaults.txt -6 pop3s:<\/code>\/\/<\/code>[2001:db8::1]:143<\/code>\/TLS<\/code>:DIGEST-MD5<\/code><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\nxHydra (GUI for THC-Hydra)<\/h2>\n\n\n\nxhydra is Gtk+2 frontend for thc-hydra.<\/p>\n\n\n\n To start xHydra GUI issue:<\/p>\n\n\n\n 1<\/td> xhydra<\/code><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\nTools included in the hydra package<\/h2>\n\n\n\nhydra \u2013 Very fast network logon cracker<\/li> pw-inspector \u2013 Reads passwords in and prints those which meet the requirements<\/li><\/ul>\n\n\n\nHelp pw-inspector<\/h2>\n\n\n\nPW-Inspector reads passwords in and prints those which meet the requirements. The return code is the number of valid passwords found, 0 if none was found. Use for security: check passwords, if 0 is returned, reject password choice. <\/p>\n\n\n\n Use for hacking: trim your dictionary file to the pw requirements of the target.<\/p>\n\n\n\n Syntax: <\/p>\n\n\n\n 1<\/td> pw-inspector [-i FILE] [-o FILE] [-m MINLEN] [-M MAXLEN] [-c MINSETS] -l -u -n -p -s<\/code><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n123456789101112<\/td> Options:<\/code>-i FILE file to read passwords from (default: stdin)<\/code>-o FILE file to write valid passwords to (default: stdout)<\/code>-m MINLEN minimum length of a valid password<\/code>-M MAXLEN maximum length of a valid password<\/code>-c MINSETS the minimum number of sets required (default: all given)<\/code>Sets:<\/code>-l lowcase characters (a,b,c,d, etc.)<\/code>-u upcase characters (A,B,C,D, etc.)<\/code>-n numbers (1,2,3,4, etc.)<\/code>-p printable characters (which are not -l\/-n\/-p, e.g. $,!,\/,(,*, etc.)<\/code>-s special characters - all others not withint the sets above<\/code><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\nHow to install Hydra<\/h2>\n\n\n\nThe program is pre-installed on Kali Linux.<\/p>\n\n\n\n Installation on Linux (Debian, Mint, Ubuntu)<\/strong><\/p>\n\n\n\n 1234567<\/td> sudo<\/code> apt-get remove hydra<\/code>sudo<\/code> apt-get <\/code>install<\/code> libssl-dev libssh-dev libidn11-dev libpcre3-dev libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev firebird2.1-dev libncp-dev<\/code>git clone https:<\/code>\/\/github<\/code>.com<\/code>\/vanhauser-thc\/thc-hydra<\/code>.git<\/code>cd<\/code> thc-hydra\/<\/code>.<\/code>\/configure<\/code>make<\/code>sudo<\/code> make<\/code> install<\/code><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\nHydra Screenshots<\/h2>\n\n\n\n<\/figure>\n\n\n\n<\/figure>\n\n\n\n<\/figure>\n\n\n\n<\/figure>\n\n\n\nHydra Tutorials<\/h2>\n\n\n\nComing soon\u2026<\/p>\n\n\n\n Related tools<\/h2>\n\n\n\npatator<\/a> (97.6%)<\/li> oclHashcat<\/a> (53%)<\/li> hashcat (Hashcat & oclHashcat)<\/a> (53%)<\/li> Medusa<\/a> (53%)<\/li> Maltego<\/a> (52.4%)<\/li> evilginx2<\/a> (RANDOM - 1.1%)<\/li><\/ul>\n\n\n\nTags: Brute-force attack<\/a> gui<\/a> mssql<\/a> mysql<\/a> oracle<\/a> passwords<\/a> postgresql<\/a> SMB<\/a> SNMP<\/a> THC-Hydra<\/a><\/p>\n\n\n\n By KaliTools<\/a><\/p>\n\n\n\n You May Also Like<\/h4>\n\n\n\nMedusa<\/a><\/h5>\n\n\n\nCrunch<\/a><\/h5>\n\n\n\nALSO RECOMMENDED:<\/h4>\n\n\n\nRECENT POSTS<\/h4>\n\n\n\n ngrok<\/a><\/li> trackerjacker<\/a><\/li> OneShot<\/a><\/li> usbrip<\/a><\/li> evilginx2<\/a><\/li><\/ul>\n\n\n\nCATEGORIES<\/h4>\n\n\n\nAnonymity<\/a><\/li> Digital forensics<\/a><\/li> Exploitation Tools<\/a><\/li> Hardware Hacking<\/a><\/li> Information Gathering<\/a><\/li> Maintaining Access<\/a><\/li> Password Attacks<\/a><\/li> Sniffing & Spoofing<\/a><\/li> Stress Testing<\/a><\/li> Vulnerability Analysis<\/a><\/li> Web Applications<\/a><\/li> Wireless Attacks<\/a><\/li><\/ul>\n\n\n\nGUIDES AND ARTICLES<\/h4>\n\n\n\nVNC Security Audit<\/a>Source: Ethical hacking and penetration testing Published on 2020-06-09<\/li> How to protect web server on Kali Linux from unauthorized access<\/a>Source: Ethical hacking and penetration testing Published on 2020-06-04<\/li> How to crack VNC password from captured traffic (challenge response)<\/a>Source: Ethical hacking and penetration testing Published on 2020-06-03<\/li> Linux Wi-Fi Cheat Sheet: Tips and Troubleshooting<\/a>Source: Ethical hacking and penetration testing Published on 2020-05-28<\/li> Linux kernel modules<\/a>Source: Ethical hacking and penetration testing Published on 2020-05-27<\/li><\/ul>\n\n\n\n\u00a9 2020 Penetration Testing Tools. All Rights Reserved.Wiles <\/a><\/p>\n","protected":false},"excerpt":{"rendered":" Penetration Testing Tools You are here: Home […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-200","post","type-post","status-publish","format-standard","hentry","category-net-security"],"_links":{"self":[{"href":"https:\/\/byy3.com\/index.php?rest_route=\/wp\/v2\/posts\/200","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/byy3.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/byy3.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/byy3.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/byy3.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=200"}],"version-history":[{"count":0,"href":"https:\/\/byy3.com\/index.php?rest_route=\/wp\/v2\/posts\/200\/revisions"}],"wp:attachment":[{"href":"https:\/\/byy3.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=200"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/byy3.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=200"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/byy3.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=200"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

Penetration Testing Tools<\/h2>\n\n\n\nYou are here: Home<\/a> \u00bb Password Attacks<\/a> \u00bb Hydra<\/p>\n\n\n\n

Hydra Tutorials<\/h2>\n\n\n\nComing soon\u2026<\/p>\n\n\n\n

ALSO RECOMMENDED:<\/h4>\n\n\n\n

Penetration Testing Tools<\/h2>\n\n\n\n
You are here: Home<\/a> \u00bb Password Attacks<\/a> \u00bb Hydra<\/p>\n\n\n\n

Hydra Tutorials<\/h2>\n\n\n\n
Coming soon\u2026<\/p>\n\n\n\n