Results 1 to 7 of 7

Thread: Medusa / Hydra / John the Ripper

  1. #1
    Just burned his ISO
    Join Date
    Mar 2009
    Posts
    2

    Default Medusa / Hydra / John the Ripper

    I would like to know how these programs work, because I try them I always get succeeded, even if I input a wrong password. Do I get the mode wrong? I also want to use John to generate passwords Medusa or Hydra can use and then throw them away (so I won't need a big wordlist) but I don't know how to. Can someone help me?

  2. #2
    Moderator
    Join Date
    Jan 2010
    Posts
    167

    Default

    Quote Originally Posted by whoopa7 View Post
    I would like to know how these programs work, because I try them I always get succeeded, even if I input a wrong password. Do I get the mode wrong?
    hydra has sometimes problems with the protocol via the network. For example telnet is often interpreted a bit false and so you will get lots of false positives, frame based auth also often has some troubles with it you have to try it yourself to find your best practice!

    I have never ever any fals pos with john ... explain a bit more what you are doing ...

    m-1-k-3

  3. #3
    Very good friend of the forum killadaninja's Avatar
    Join Date
    Oct 2007
    Location
    London, United Kingdom.
    Posts
    526

    Default

    Whoopa I doubt you are using the correct protocools, however in answer to your other question the command your looking for is

    "john --incremental=All --stdout"

    But im unsure if you can pipe john into hydra, if you were to try im unsure of the switches off the top of my head they could look something like

    john --incremental=All --stdout | hydra -l "" -f -v -e

    Post us more information of what it is your trying to do and maybe we can help some more
    Sometimes I try to fit a 16-character string into an 8–byte space, on purpose.

  4. #4
    Junior Member otkaz's Avatar
    Join Date
    Jan 2010
    Location
    Houston, TX
    Posts
    38

    Default

    Quote Originally Posted by killadaninja View Post
    Whoopa I doubt you are using the correct protocools, however in answer to your other question the command your looking for is

    "john --incremental=All --stdout"

    But im unsure if you can pipe john into hydra, if you were to try im unsure of the switches off the top of my head they could look something like

    john --incremental=All --stdout | hydra -l "" -f -v -e

    Post us more information of what it is your trying to do and maybe we can help some more
    hydra will not accept stdin and I'm pretty sure neither will medusa

  5. #5
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by otkaz View Post
    hydra will not accept stdin and I'm pretty sure neither will medusa
    thanks barbsie xargs is really handy it didn't work well with medusa, but I can use it for allot of other things now that I know about it
    xargs does work
    I used
    perl scripts/2wiregen.perl | xargs -L 1 medusa -h 192.168.1.254 -u "" -M web-form -p
    the -L 1 runs the command for every line outputted from the script
    it works but runs incredible slow so not really worth bothering with...
    What about your statement above from this post?
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  6. #6
    Junior Member otkaz's Avatar
    Join Date
    Jan 2010
    Location
    Houston, TX
    Posts
    38

    Default

    Quote Originally Posted by archangel.amael View Post
    What about your statement above from this post?
    using xargs with hydra is slow as snot, and probably about the equivalent of just typing the command out for every password in your dictionary as I pointed out in that post.... you should try it. I have a slow computer you might get better results.

    it works but runs incredible slow so not really worth bothering with...

  7. #7
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by otkaz View Post
    using xargs with hydra is slow as snot, and probably about the equivalent of just typing the command out for every password in your dictionary as I pointed out in that post.... you should try it. I have a slow computer you might get better results.
    The reason I asked you was because in the first response you made, you stated that it did not work. But in the thread I link you posted that it would work but was only slow. But at least we do have some info regarding the question on it.
    Cheers
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •