*What is THC-Hydra?*
A very fast network logon cracker that support many different services. Free of charge for non-enterprise use Source
*Protocols Supported byTHC-Hydra:*
*.POP3
*.FTP
*.HTTP-GET, HTTP-FORM-POST, HTTPS-GET…
*.Firebird
*.Subversion (SVN)
*.Telnet
*.And many moreWhat type of attacks can THC-HYDRA do?*.
*Parallel dictionary attacks (16 threads by default)
*.Brute force/Hybrid attacks
*.Check for null, reversed, same as username passwords
*.Slow down the process of attack- prevent detection- IPS (Intrusion Prevention System)
*.Parallel attack of different servers
*How to install on Windows?*
*.Downloadand install CYGWIN – Linux-like environment for Windows.
*DownloadTHC Hydra
*.Navigate to the directory where Hydra is placed
*.Open CYGWIN and type the command:cd C:\hydra-7.3
*.Next “./configure“, then “make” and finally “make install“
*.For help- type:hydra
*.For help for module- type:hydra –U “module-name”
Cygin download from here for windows
http://www.cygwin.com/
Download th hydra from here for windows
http://www.cygwin.com/
Example:
hydra –U http-form-postHow to use it?
Test site: http://testasp.vulnweb.com/
*Generate All Possible Combinations Attack*
*.Register a new user “admin28” with password “12345”
*.Open “Developers Tool” Chrome Browser
*.Click on the Network Tab
*.Click the Recording button
*.Navigate to the test site
*.Enter the username and the password
*.Find the post request in the Networktab
*.NextOpen Cygwin
*.Navigateto the hydra’s folder
*.Executethe following command: hydra -l admin28 -x3:5:1 -o found.txt testasp.vulnweb.com http-post-form “/Login.asp?RetURL=%2FDefault%2Easp%3F:tfUName=^USER^&tfUPass=^PASS^:S=logout admin28”
The “admin28” user password willbe saved in the “found.txt” file located in the hydra’s folder
*-l admin28 –* point the username
*-x3:5:1 –* generates passwords with length between 3 and 5 with all numbers*-o found.txt –* the found passwords will be stored here
Arguments:
*testasp.vulnweb.com http-post-form*– host name + type of protocol*“/Login.asp?RetURL=%2FDefault%2Easp%3F:tfUName=^USER^&tfUPass=^PASS^:S=logout admin28”–*
{relativeURL}:{FormDataParametersForUsernameAndPassword}:S={whatToFindInHtmlIfSuccessfullyLoggedIn}
Relative url:
/Login.asp?RetURL=%2FDefault%2Easp%3F
You can copy the second part of the Form Data Row in the post request. Replace the real username with ^USER^ and the password with ^PASS^. The tool will replace them with the auto-generated ones.With “:S=logout” you tell Hydra that it should stop trying if the HTML response contains the word “logout”.If you want to perform dictionary attack,you can use the following command:
*hydra -l admin29 -P pass.txt -o found.txt testasp.vulnweb.com http-post-form “/Login.asp?RetURL=%2FDefault%2Easp%3F:tfUName=^USER^&tfUPass=^PASS^:S=logout admin29”*
-P pass.txt – path to the file containing the passwords
*THC-Hydra Advanced command attributes*
*.the “-vV” only puts Hydra into a verbose mode, so you see what is going on while it is running
*.the “-e ns” instructs Hydra to attempt check for valid NULL connection (meaning blank or no password used
*.the “-t x” defines the thread count to be used, or how many tasks at once (where x = a number)
*.the “-f” instructs Hydra to exit uponfinding the first set of valid credentials or user/pass combo
*.the “-s” instruct Hydra to use SSL for connection
*This tool should not be used to attack websites or services where you do not have permissionto do so. Use this for legitimate testing purposes only.*
*⚔EAGLE ANONYMOUSπ₯#*
