Results 1 to 9 of 9

Thread: Hydra

  1. #1
    Just burned his ISO
    Join Date
    Apr 2008
    Posts
    18

    Default Hydra

    I have tried to read as much as possible to understand Hydra and it's functions. Pureh@tes video is cool. I think I have a good understanding of it, but one problem I'm having is when I try to use a password list that is stored on my external usb drive (160gb), I get an error, as shown below.
    Error: File for passwords not found

    If I use a small txt file on my usb drive to see if it uses that without a problem, it works.

    Xydra is what I'm using
    On the passwords tab page in the passwords list selection, i'm using pureh@tes password file, the hatelist.txt, which is 2.5gb.

    Is there a size limit for the password file with hydra?

    I am using my own equipment at home to do this testing in order to better understand security issues. Help and comments are appreciated, thanks again to Pureh@te for sharing his list. Can't wait to find out what I'm doing wrong.

  2. #2
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by gordon__1 View Post
    I have tried to read as much as possible to understand Hydra and it's functions. Pureh@tes video is cool. I think I have a good understanding of it, but one problem I'm having is when I try to use a password list that is stored on my external usb drive (160gb), I get an error, as shown below.
    Error: File for passwords not found

    If I use a small txt file on my usb drive to see if it uses that without a problem, it works.

    Xydra is what I'm using
    On the passwords tab page in the passwords list selection, i'm using pureh@tes password file, the hatelist.txt, which is 2.5gb.

    Is there a size limit for the password file with hydra?

    I am using my own equipment at home to do this testing in order to better understand security issues. Help and comments are appreciated, thanks again to Pureh@te for sharing his list. Can't wait to find out what I'm doing wrong.
    That sounds like a path error. Are you sure you're pointing Hydra to the correct drive and file?
    Thorn
    Stop the TSA now! Boycott the airlines.

  3. #3
    Just burned his ISO
    Join Date
    Apr 2008
    Posts
    18

    Default

    Here's the setup I'm using.
    Backtrack 3 on USB stick
    asus eee w/2gb ram/4gb ssd
    160gb external USB HD with pureh@te.txt 2.5gb password list and xploitz master password list that has all the folders and files intact and also has them merged into a 3.6gb password file
    Here's the steps i'm using with Xhydra
    terminal>xhydra>target page>simple target 192.168.1.1>port 80>http get>be verbose>
    passwords page>username:admin>password list>browse to file system>mnt>sdc5>hatelist.txt>try login as password>try empty password
    Tuning page>number of tasks>30>timeout 30
    start page>start>error: file for passwords not found!

    If I put a txt file on my desktop it finds it no problem, although it contains no words so it's not going to help with xhydra

    I can browse to one of the txt files that is in a folder on the usb drive that is from Master xploitz lists and it uses it okay.

  4. #4
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by gordon__1 View Post
    Here's the setup I'm using.
    Backtrack 3 on USB stick
    asus eee w/2gb ram/4gb ssd
    160gb external USB HD with pureh@te.txt 2.5gb password list and xploitz master password list that has all the folders and files intact and also has them merged into a 3.6gb password file
    Here's the steps i'm using with Xhydra
    terminal>xhydra>target page>simple target 192.168.1.1>port 80>http get>be verbose>
    passwords page>username:admin>password list>browse to file system>mnt>sdc5>hatelist.txt>try login as password>try empty password
    Tuning page>number of tasks>30>timeout 30
    start page>start>error: file for passwords not found!

    If I put a txt file on my desktop it finds it no problem, although it contains no words so it's not going to help with xhydra

    I can browse to one of the txt files that is in a folder on the usb drive that is from Master xploitz lists and it uses it okay.
    Let's start with the basics: First, is the 160GB drive actually /dev/sda? Assuming you booted off a USB stick, normally the USB stick would be /dev/sda, which means the 160GB drive is /dev/sdb or something similar.

    Secondly, is the 160 GB USB drive's primary partition actually /dev/sda5? The partition device name is more likely to be /dev/sdb1.

    Finally, do you really have it mounted as /mnt/sda5? Plus, it's more usual to give it a name like "/mnt/usb2" or the like.
    Thorn
    Stop the TSA now! Boycott the airlines.

  5. #5
    Junior Member
    Join Date
    Jan 2010
    Posts
    35

    Default Timeout message

    I couldn't find anything on this in the noob area, so here's my question.

    I used hydra (on BT3) to bruteforce my router with a wordlist located in /pentest/wireless/aircrack-ng/test/password.lst. I have added my password to the top of the password list to test. It worked.

    Then I have put the password at the bottom of the list and did the attack again. Now i am getting timeout messages:

    Process 6997: Can not connect [timeout], process exiting

    What am i doing wrong?

  6. #6
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by portal View Post
    I couldn't find anything on this in the noob area, so here's my question.

    I used hydra (on BT3) to bruteforce my router with a wordlist located in /pentest/wireless/aircrack-ng/test/password.lst. I have added my password to the top of the password list to test. It worked.

    Then I have put the password at the bottom of the list and did the attack again. Now i am getting timeout messages:

    Process 6997: Can not connect [timeout], process exiting

    What am i doing wrong?
    Check the Hydra timing options.

    Also, you might want to check about reviving zombies in the Rules. While I don't remember a specific rule against it here, in most forums it's considered gauche to revive a thread over a one or two months old. This one had 14 months since the last post.
    Thorn
    Stop the TSA now! Boycott the airlines.

  7. #7
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Default

    Yeah I call it necro-posting. While its not specifically against the forum rules, it is. as thorn stated, gauche.

    For the academically challenged who don't know what gauche means:

    gauche = lacking social grace, sensitivity, or acuteness; awkward; crude; tactless: Their exquisite manners always make me feel gauche.


  8. #8
    Very good friend of the forum TAPE's Avatar
    Join Date
    Jan 2010
    Location
    Europe
    Posts
    599

    Default

    Glad I am a righty after having read that..

    (gauche = left in french)

  9. #9
    Junior Member
    Join Date
    Jan 2010
    Posts
    35

    Default

    Ok, I will keep that in mind next time

    I think I got it working now though. I used the ''show attempts'' function, and put the tasks to 3 at a time. Problem solved.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •