
Thread: brute force hydra?

  1. #1
    Just burned his ISO
    Join Date
    Dec 2008
    Posts
    12

    Default brute force hydra?

    I keep reading these little things off google to see if I can find the correct way to do this, but I just can't find it...

    I've set up a teamspeakRC2 server on my ubuntu box below me, the only user with server administrator auth is "tangent" however, my password is an amalgamation of numbers and letters
    pass: t4m3110n (tame lion)
    but I know I won't get that password out of a normal dictionary attack. I've brute forced before using brutus (blargh) for windows. and I think there SHOULD be a way to make hydra do the same.

    also, something I've found, people that use wordlists call hydra a "brute forcer" ... I believe we have forgotten what brute force means...

  2. #2
    Good friend of the forums
    Join Date
    Jan 2010
    Location
    outside chicago, il
    Posts
    442

    Default

    Quote Originally Posted by tangentcollision View Post
    I keep reading these little things off google to see if I can find the correct way to do this, but I just can't find it...

    I've set up a teamspeakRC2 server on my ubuntu box below me, the only user with server administrator auth is "tangent" however, my password is an amalgamation of numbers and letters
    pass: t4m3110n (tame lion)
    but I know I won't get that password out of a normal dictionary attack. I've brute forced before using brutus (blargh) for windows. and I think there SHOULD be a way to make hydra do the same.

    also, something I've found, people that use wordlists call hydra a "brute forcer" ... I believe we have forgotten what brute force means...
    I don't see a question, but I will take a shot at answering. How are you trying to remotely login to the server (ssh, ftp, telnet, web form, etc)? You can find information about how to use hydra at http://forums.remote-exploit.org/sho...62&postcount=1

    I agree that dictionary, wordlist, and bruteforce attacks have lost some of their meaning. When I think of a dictionary attack I think that words are in the dictionary. A wordlist attack is a list of words that are not in the dictionary like the list of species found in Star Trek like Klingon or Lycocian. Then there is a list that contains all possible combinations of letters, numbers, and symbols. This one didn't have a name so I call it a combination file. The difference between a combination file and bruteforce attack is the combination file is already generated so the attack will be much faster. The downside to a combination file is its huge size as the size is the number of characters in the character set (26 for upper or lowercase, 36 for upper or lowercase and numbers, 95 for upper, lower, numbers, and symbols in English) ^ length of password. So 95^7 = 69,833,729,609,375 bytes or 70 TB so not really practical.
    I like the bleeding edge, but I don't like blood loss

  3. #3
    Just burned his ISO
    Join Date
    Dec 2008
    Posts
    12

    Default

    okay, well, what I'm trying to get at is it would be nice to be able to pipe in a bruteforce wordlist generator (or combo list generator) to make a temp file, constantly deleting the unused words (or combos)
    hmm
    I guess what I'm asking is if I could make hydra test all possible combinations of letters and numbers as passwords.

    I'm accessing the server via my own network, it's on a server box under my feet so I can keep files on it and such, with my eeepc running BT3 live from partition on an sdhc card

    ... also, can't get hatelist to work xD

  4. #4
    Good friend of the forums
    Join Date
    Jan 2010
    Location
    outside chicago, il
    Posts
    442

    Default

    Quote Originally Posted by tangentcollision View Post
    okay, well, what I'm trying to get at is it would be nice to be able to pipe in a bruteforce wordlist generator (or combo list generator) to make a temp file, constantly deleting the unused words (or combos)
    hmm
    I guess what I'm asking is if I could make hydra test all possible combinations of letters and numbers as passwords.

    I'm accessing the server via my own network, it's on a server box under my feet so I can keep files on it and such, with my eeepc running BT3 live from partition on an sdhc card

    ... also, can't get hatelist to work xD
    You can use crunch to generate the word and then feed the word to hydra.
    Something like this:
    crunch 1 8 abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 | hydra -l "" -P "" -f -v -e ns 192.168.1.1 http-get /
    would be a quick guess. The above IS TOTALLY UNTESTED AND WILL PROBABLY NOT WORK. But it does give you a starting point.

    Good Luck
    I like the bleeding edge, but I don't like blood loss

  5. #5
    Junior Member
    Join Date
    Jan 2010
    Posts
    76

    Default

    cd /pentest/passwords/crunch/
    ./crunch 1 8 abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 -o crunch.txt | hydra -l "" -P /pentest/passwords/crunch/crunch.txt -f -v -e ns 192.168.1.1 http-get /
    but I didn't leave it more than 3 minutes and it was creating an 800mb pwl to know if that will work? na!

    also this is my router config page before i log in
    after i log in

    but thru out hydra i gave me error any help please

    root@BT4:~# hydra 192.168.2.1 http-get -v -V -l -P thepwl1.txt -e ns -t 5 -w 30 -m / -f
    Error: The web page you supplied must start with a "/", "http://" or "https://", e.g. "/protected/login"
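
Added example (not part of any post in this thread): the keyspace arithmetic from post #2, and the reason the `crunch 1 8` output file in post #5 kept growing, worked through in Python. The rate of 50 guesses per second is an assumed figure for a network login, and the function names are hypothetical.

```python
"""Keyspace and wordlist-size estimates for exhaustive password guessing."""

def candidates(charset_size, min_len, max_len):
    """Number of strings of length min_len..max_len over the charset."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))

def wordlist_bytes(charset_size, min_len, max_len):
    """Size of a newline-terminated list: a word of length n costs n + 1 bytes."""
    return sum((n + 1) * charset_size ** n for n in range(min_len, max_len + 1))

def exhaust_days(total, guesses_per_second):
    """Days needed to try every candidate at a fixed guess rate."""
    return total / guesses_per_second / 86400

def human(nbytes):
    """Format a byte count with decimal units."""
    for unit in ("B", "kB", "MB", "GB", "TB", "PB"):
        if nbytes < 1000 or unit == "PB":
            return f"{nbytes:,.1f} {unit}"
        nbytes /= 1000

# Cases taken from the thread; the guess rate is an assumed figure.
CASES = [
    ("95 symbols, length 7 (post #2)", 95, 7, 7),
    ("62 symbols, length 1-8 (the crunch 1 8 charset)", 62, 1, 8),
    ("36 symbols, length 8 (shape of t4m3110n)", 36, 8, 8),
]
ASSUMED_RATE = 50  # guesses per second against a network login; constructed value

def report():
    """One row per case: label, candidate count, list size, days to exhaust."""
    rows = []
    for label, size, lo, hi in CASES:
        total = candidates(size, lo, hi)
        rows.append((label, total, human(wordlist_bytes(size, lo, hi)),
                     round(exhaust_days(total, ASSUMED_RATE))))
    return rows

if __name__ == "__main__":
    for label, total, size, days in report():
        print(f"{label}: {total:,} candidates, {size} on disk, "
              f"~{days:,} days at {ASSUMED_RATE}/s")
```

The on-disk figure counts one newline per word, so it comes out larger than the bare candidate count.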

  6. #6
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Default

    Quote Originally Posted by manulu View Post
    but thru out hydra i gave me error any help please
    You have your -f at the end and you shouldn't (or it's easier if you don't). Go find gotmilks hydra notes, he splits them up very well.

    Also you need to figure out how to use crunch properly, you're writing it out to a file.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  7. #7
    Junior Member
    Join Date
    Jan 2010
    Posts
    76

    Default

    thanks

    from gotmilks i follow his tutorial well explained

    about crunch; i know but after it "created" hydra should read it but like bofh28 said "The above IS TOTALLY UNTESTED AND WILL PROBABLY NOT WORK" so i decide to write it an output but it still fails is has to be with http-get?

    thanks again

  8. #8
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Default

    Quote Originally Posted by manulu View Post
    is has to be with http-get?
    No it has to do with you writing to a file when you shouldn't, and not reading from a pipe when you should.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  9. #9
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Default

    I would check out medusa. It's a much more robust tool for this type of thing in my opinion.

    Plus as is already mentioned your syntax is all messed up. you are doing this crunch --> write to a file --> pipe (wtf are you piping?) --> medusa --> read from a file

    I'm not even certain whether hydra will take stdin.

  10. #10
    Junior Member
    Join Date
    Jan 2010
    Posts
    76

    Default

    ok i have never used crunch with hydra

    i have tweaked each option at hydra also xHydra no luck!

    right now i'm moving to medusa i'll check later thanks!
