Thread: brute force hydra?

  1. #1
    Just burned his ISO
    Join Date
    Dec 2008
    Posts
    12

    brute force hydra?

    I keep reading these little things off Google to see if I can find the correct way to do this, but I just can't find it...

    I've set up a teamspeakRC2 server on my Ubuntu box below me. The only user with server administrator auth is "tangent"; however, my password is an amalgamation of numbers and letters
    pass: t4m3110n (tame lion)
    but I know I won't get that password out of a normal dictionary attack. I've brute forced before using Brutus (blargh) for Windows, and I think there SHOULD be a way to make hydra do the same.

    also, something I've found, people that use wordlists call hydra a "brute forcer" ... I believe we have forgotten what brute force means...

  2. #2
    Good friend of the forums
    Join Date
    Jan 2010
    Location
    outside chicago, il
    Posts
    442

    Quote, originally posted by tangentcollision:
    I keep reading these little things off Google to see if I can find the correct way to do this, but I just can't find it...

    I've set up a teamspeakRC2 server on my Ubuntu box below me. The only user with server administrator auth is "tangent"; however, my password is an amalgamation of numbers and letters
    pass: t4m3110n (tame lion)
    but I know I won't get that password out of a normal dictionary attack. I've brute forced before using Brutus (blargh) for Windows, and I think there SHOULD be a way to make hydra do the same.

    also, something I've found, people that use wordlists call hydra a "brute forcer" ... I believe we have forgotten what brute force means...

    I don't see a question, but I will take a shot at answering. How are you trying to remotely log in to the server (ssh, ftp, telnet, web form, etc)? You can find information about how to use hydra at http://forums.remote-exploit.org/sho...62&postcount=1

    I agree that dictionary, wordlist, and bruteforce attacks have lost some of their meaning. When I think of a dictionary attack I think that words are in the dictionary. A wordlist attack is a list of words that are not in the dictionary like the list of species found in Star Trek like Klingon or Lycocian. Then there is a list that contains all possible combinations of letters, numbers, and symbols. This one didn't have a name so I call it a combination file. The difference between a combination file and bruteforce attack is the combination file is already generated so the attack will be much faster. The downside to a combination file is its huge size as the size is the number of characters in the character set (26 for upper or lowercase, 36 for upper or lowercase and numbers, 95 for upper, lower, numbers, and symbols in English) ^ length of password. So 95^7 = 69,833,729,609,375 bytes or 70 TB so not really practical.
    I like the bleeding edge, but I don't like blood loss

  3. #3
    Just burned his ISO
    Join Date
    Dec 2008
    Posts
    12

    okay, well, what I'm trying to get at is it would be nice to be able to pipe in a bruteforce wordlist generator (or combo list generator) to make a temp file, constantly deleting the unused words (or combos)
    hmm
    I guess what I'm asking is if I could make hydra test all possible combinations of letters and numbers as passwords.

    I'm accessing the server via my own network, it's on a server box under my feet so I can keep files on it and such, with my eeepc running BT3 live from partition on an sdhc card

    ... also, can't get hatelist to work xD

  4. #4
    Good friend of the forums
    Join Date
    Jan 2010
    Location
    outside chicago, il
    Posts
    442

    Quote, originally posted by tangentcollision:
    okay, well, what I'm trying to get at is it would be nice to be able to pipe in a bruteforce wordlist generator (or combo list generator) to make a temp file, constantly deleting the unused words (or combos)
    hmm
    I guess what I'm asking is if I could make hydra test all possible combinations of letters and numbers as passwords.

    I'm accessing the server via my own network, it's on a server box under my feet so I can keep files on it and such, with my eeepc running BT3 live from partition on an sdhc card

    ... also, can't get hatelist to work xD

    You can use crunch to generate the word and then feed the word to hydra.
    Something like this:
    crunch 1 8 abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 | hydra -l "" -P "" -f -v -e ns 192.168.1.1 http-get /
    would be a quick guess. The above IS TOTALLY UNTESTED AND WILL PROBABLY NOT WORK. But it does give you a starting point.

    Good Luck
    I like the bleeding edge, but I don't like blood loss

  5. #5
    Junior Member
    Join Date
    Jan 2010
    Posts
    76

    cd /pentest/passwords/crunch/
    ./crunch 1 8 abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 -o crunch.txt | hydra -l "" -P /pentest/passwords/crunch/crunch.txt -f -v -e ns 192.168.1.1 http-get /
    but I didn't leave it more than 3 minutes and it was creating an 800mb pwl to know if that will work? na!

    also this is my router config page before i log in
    after i log in

    but through hydra it gave me an error, any help please

    root@BT4:~# hydra 192.168.2.1 http-get -v -V -l -P thepwl1.txt -e ns -t 5 -w 30 -m / -f
    Error: The web page you supplied must start with a "/", "http://" or "https://", e.g. "/protected/login"

  6. #6
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Quote, originally posted by manulu:
    but through hydra it gave me an error, any help please

    You have your -f at the end and you shouldn't (or it's easier if you don't). Go find gotmilks hydra notes, he splits them up very well.

    Also you need to figure out how to use crunch properly, you're writing it out to a file.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  7. #7
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Quote, originally posted by manulu:
    ./crunch 1 8 abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 -o crunch.txt | hydra -l "" -P /pentest/passwords/crunch/crunch.txt -f -v -e ns 192.168.1.1 http-get /
    but I didn't leave it more than 3 minutes and it was creating an 800mb pwl to know if that will work? na!

    This isn't surprising.

    Every combination of a-zA-Z0-9 (62 char) with max length 8 will be:
    62^8 = 2.18340106 × 10^14 (Alpha w/ numbers)
    62^8Bytes to Terabytes =~ 198.6GB

    Hope you have lots of extra storage sitting around doing nothing.

    Of course instead of wasting all this time and effort you could simply read up on and follow industry best practices for passwords or simply increase the password to 9 characters (which makes the dict over 12 Terabytes).

    Tamelion isn't a surprising combination to find in a dictionary and plenty of dict generators have the option to convert to l33t sp34k. Try using a password that isn't actually dictionary based, whether l337 or not.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
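
The keyspace arithmetic discussed in this thread, as an added example that is not part of any post: it computes how many candidates an exhaustive list contains, how much disk it would need, and how long trying all of them would take, which shows how much one extra character of password length buys. The function names are hypothetical; it assumes one candidate per line with a trailing newline, and the rate of 100 guesses per second against a network login is an assumed figure.

```python
"""Size of an exhaustive ("combination") password list, and what it implies
for password length. Added illustration; all names here are hypothetical."""

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(charset_size: int, min_len: int, max_len: int) -> int:
    """Number of candidate strings with min_len..max_len characters."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))


def wordlist_bytes(charset_size: int, min_len: int, max_len: int) -> int:
    """Bytes on disk, assuming one candidate per line plus a newline."""
    return sum(charset_size ** n * (n + 1) for n in range(min_len, max_len + 1))


def human(nbytes: int) -> str:
    """Format a byte count with binary (1024-based) units."""
    value = float(nbytes)
    for unit in ("B", "KiB", "MiB", "GiB", "TiB", "PiB"):
        if value < 1024 or unit == "PiB":
            return f"{value:.1f} {unit}"
        value /= 1024


def worst_case_years(charset_size, min_len, max_len, guesses_per_second):
    """Years needed to try every candidate at a fixed online guess rate."""
    total = keyspace(charset_size, min_len, max_len)
    return total / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    ASSUMED_RATE = 100  # guesses/second against a network login (assumption)
    cases = [
        ("a-zA-Z0-9, exactly 8", 62, 8, 8),
        ("a-zA-Z0-9, 1 to 8", 62, 1, 8),
        ("a-zA-Z0-9, exactly 9", 62, 9, 9),
        ("95 printable, exactly 7", 95, 7, 7),
    ]
    for label, size, lo, hi in cases:
        print(f"{label:26} {keyspace(size, lo, hi):>22,} candidates  "
              f"{human(wordlist_bytes(size, lo, hi)):>12}  "
              f"{worst_case_years(size, lo, hi, ASSUMED_RATE):,.0f} years")
```

Each added character multiplies both the storage and the time by the size of the character set, so length does more for a password than character substitutions on a dictionary word.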

  8. #8
    Senior Member BigMac's Avatar
    Join Date
    Jan 2008
    Posts
    213

    If you find a method that works, show your examples and results please.
