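Every password security study shows that the biggest security hole is passwords. This tool is proof-of-concept code, intended to give researchers and security consultants the ability to show how easy it would be to gain unauthorized access to a system remotely.
This tool is for legal purposes only!
Several login hacker tools are already available; however, none of them supports multiple protocols to attack or supports parallel connections.
It has been tested to compile cleanly on Linux, Windows/Cygwin, Solaris, FreeBSD/OpenBSD, QNX (Blackberry 10) and MacOS.
Currently, the tool supports the following protocols:
Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MEMCACHED, MONGODB, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, Radmin, RDP, Rexec, Rlogin, Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP
However, the module engine for new services is very easy, so it will not take long until more services are supported. Your help in writing, enhancing or fixing modules is highly appreciated!! :-)
You can always find the newest release/production version of hydra on its project page at https://github.com/vanhauser-thc/thc-hydra/releases. If you are interested in the current development state, visit the public development repository. Github: svn co https://github.com/vanhauser-thc/thc-hydra or git clone https://github.com/vanhauser-thc/thc-hydra. Use the development version at your own risk. It contains new features and new bugs. Things might not work!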
yum -y install wget
# Download the Aliyun yum repository file
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
yum clean all && yum makecache
yum -y install gcc libssh-devel openssl-devel unzip zip lib* gcc*
wget --no-warc-compression https://github.com/vanhauser-thc/thc-hydra/archive/v9.1.tar.gz
wget https://github.com/vanhauser-thc/thc-hydra/archive/master.zip
[root@localhost ~]# ls
anaconda-ks.cfg master.zip v9.1.tar.gz
# Extract the Hydra package with tar
tar -xzvf v9.1.tar.gz
[root@localhost ~]# ls
anaconda-ks.cfg master.zip thc-hydra-9.1 v9.1.tar.gz
# cd into the source directory, then configure, compile and install Hydra
cd thc-hydra-9.1
./configure
make
make install
[root@localhost thc-hydra-9.1]# hydra
Hydra v9.1 (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT] [-x MIN:MAX:CHARSET] [-c TIME] [-ISOuvVd46] [-m MODULE_OPT] [service://server[:PORT][/OPT]]
Options:
-l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE
-p PASS or -P FILE try password PASS, or load several passwords from FILE
-C FILE colon separated "login:pass" format, instead of -L/-P options
-M FILE list of servers to attack, one entry per line, ':' to specify port
-t TASKS run TASKS number of connects in parallel per target (default: 16)
-U service module usage details
-m OPT options specific for a module, see -U output for information
-h more command line options (COMPLETE HELP)
server the target: DNS, IP or 192.168.0.0/24 (this OR the -M option)
service the service to crack (see below for supported protocols)
OPT some service modules support additional input (-U for module help)
Supported services: adam6500 asterisk cisco cisco-enable cvs ftp[s] http[s]-{head|get|post} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] mssql mysql(v4) nntp oracle-listener oracle-sid pcanywhere pcnfs pop3[s] redis rexec rlogin rpcap rsh rtsp s7-300 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey teamspeak telnet[s] vmauthd vnc xmpp
Hydra is a tool to guess/crack valid login/password pairs.
Licensed under AGPL v3.0. The newest version is always available at;
https://github.com/vanhauser-thc/thc-hydra
Please don't use in military or secret service organizations, or for illegal
purposes. (This is a wish and non-binding - most such people do not care about
laws and ethics anyway - and tell themselves they are one of the good ones.)
Example: hydra -l user -P passlist.txt ftp://192.168.0.1
Notes:
--no-check-certificate: do not check the server certificate
Error 1 (wget reports that the address is missing its protocol type):
[root@localhost ~]# wget --no-warc-compression https://github.com/vanhauser-thc/thc-hydra/archive/v9.1.tar.gz
https://github.com/vanhauser-thc/thc-hydra/archive/v9.1.tar.gz: 地址缺少协议类型.
# wget --no-warc-compression https://github.com/vanhauser-thc/thc-hydra/archive/v9.1.tar.gz
Cause: the command line contained an extra space.
Error 2:
[root@localhost thc-hydra-9.1]# ./configure
Starting hydra auto configuration ...
Detected 64 Bit Linux OS
Checking for zlib (libz/zlib.h) ...
... zlib not found, gzip support disabled
Checking for openssl (libssl/libcrypto/ssl.h/sha.h) ...
... NOT found, SSL support disabled
Get it from http://www.openssl.org
Checking for gcrypt (libgcrypt/gpg-error.h) ...
... gcrypt not found, radmin2 module disabled
Checking for idn (libidn) ...
... NOT found, unicode logins and passwords will not be supported
Checking for curses (libcurses/term.h) ...
... NOT found, color output disabled
Checking for pcre (libpcre/pcre.h) ...
... NOT found, server response checks will be less reliable
Checking for Postgres (libpq/libpq-fe.h) ...
... NOT found, module postgres disabled
Checking for SVN (libsvn_client-1/libapr-1/libaprutil-1) ...
... NOT found, module svn disabled
Checking for firebird (libfbclient) ...
... NOT found, module firebird disabled
Checking for MYSQL client (libmysqlclient/math.h) ...
... math.h not found, module Mysql disabled
Checking for AFP (libafpclient) ...
... NOT found, module Apple Filing Protocol disabled - Apple sucks anyway
Checking for NCP (libncp/nwcalls.h) ...
... NOT found, module NCP disabled
Checking for SAP/R3 (librfc/saprfc.h) ...
... NOT found, module sapr3 disabled
Get it from http://www.sap.com/solutions/netweaver/linux/eval/index.asp
Checking for libssh (libssh/libssh.h) ...
... NOT found, module ssh disabled
Get it from http://www.libssh.org
Checking for Oracle (libocci/libclntsh/oci.h/libaio/liboci) ...
... NOT found, module Oracle disabled
Get basic and sdk package from http://www.oracle.com/technetwork/database/features/instant-client/index.html
Checking for Memcached (libmemcached/memcached.h) ...
... NOT found, module memcached disabled
Checking for Freerdp3 (libfreerdp3/freerdp.h/libwinpr3/winpr.h) ...
... NOT found, checking for freerdp2 module next...
Checking for Freerdp2 (libfreerdp2/freerdp.h/libwinpr2/winpr.h) ...
... NOT found, module rdp disabled
Checking for Mongodb (libmongoc-1.0/mongoc.h/libbson-1.0/bson.h) ...
... NOT found, module mongodb disabled
Checking for smbclient (libsmbclient/libsmbclient.h) ...
... NOT found, module smb2 disabled
Checking for GUI req's (pkg-config/gtk+-2.0) ...
... NOT found, optional anyway
Checking for Android specialities ...
... strrchr() not found
Checking for secure compile option support in gcc ...
Compiling... no
Linking... no
Hydra will be installed into .../bin of: /usr/local
(change this by running ./configure --prefix=path)
Writing Makefile.in ...
now type "make"
Solution: install the compiler and the development packages:
yum -y install gcc libssh-devel openssl-devel unzip zip lib* gcc*
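The ./configure log in Error 2 is long, and each "NOT found" line silently drops a module from the build. The shell function below summarizes such a log; it is an added example, not part of the original post or of the hydra project, and the names missing_features and sample_configure_log, along with the sample log (built from lines of the log above plus one constructed "found" result), are assumptions.

```shell
#!/bin/sh
# Added example (not from the post or the hydra project): summarize which
# features a hydra ./configure run reported as missing.
# Usage on a real build:  ./configure 2>&1 | tee configure.log
#                         missing_features < configure.log

# Reads configure output on stdin and prints "feature<TAB>result" for every
# "Checking for ..." line whose result line contains "not found".
missing_features() {
    awk '
        /^Checking for / {
            feature = $0
            sub(/^Checking for /, "", feature)
            sub(/ \(.*$/, "", feature)      # drop "(libz/zlib.h) ..."
            sub(/ \.\.\.$/, "", feature)    # drop a bare trailing " ..."
            next
        }
        # Result lines start with "..." and are indented in real output.
        /^[ \t]*\.\.\. / && feature != "" {
            if (tolower($0) ~ /not found/) {
                result = $0
                sub(/^[ \t]*\.\.\. /, "", result)
                printf "%s\t%s\n", feature, result
            }
            feature = ""
        }
    '
}

# Constructed sample: lines taken from the log above, with one indented
# "found" result added to show that satisfied checks are skipped.
sample_configure_log() {
    cat <<'EOF'
Starting hydra auto configuration ...
Detected 64 Bit Linux OS
Checking for zlib (libz/zlib.h) ...
... zlib not found, gzip support disabled
Checking for openssl (libssl/libcrypto/ssl.h/sha.h) ...
... NOT found, SSL support disabled
Get it from http://www.openssl.org
Checking for pcre (libpcre/pcre.h) ...
                                   ... found
Checking for libssh (libssh/libssh.h) ...
... NOT found, module ssh disabled
EOF
}

sample_configure_log | missing_features
```

Running it again after installing the development packages shows which checks still fail before make is started.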