Results 1 to 8 of 8

Thread: HydraGTK Question

  1. #1
    Just burned his ISO
    Join Date
    Sep 2007
    Posts
    13

    Default HydraGTK Question

    When using HydraGTK, Under the password tab it asks for a username. If i'm looking to try and get the local admin accounts password, would it be as simple as machinename\administrator. I already know the password to the machine but I wanted to see if the word list attack works on a local account. I'm using the smb protocol. I got it working for a network account, granted I had to turn off the 3 strike and your out rule, but I did not think the local account would lock so I figured I'd go after that. I have tried running this several times and it resolves the address ok and then starts the attack. Gives me a status and then I get cannot connect (unreachable). I know the pc is still on and pingable since it is right next to me. Any thoughts on this??

  2. #2
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    Default

    You trying this on your works server or your home comp??
    [CENTER][FONT=Book Antiqua][SIZE=5][B][COLOR=blue][FONT=Courier New][COLOR=red]--=[/COLOR][/FONT]Xploitz[FONT=Courier New][COLOR=red]=--[/COLOR][/FONT][/COLOR][/B][/SIZE][/FONT][FONT=Courier New][COLOR=Black][SIZE=6][B] ®[/B][/SIZE][/COLOR][/FONT][/CENTER]
    [CENTER][SIZE=4][B]Remote-Exploit.orgs Master Tutorialist.[/B][/SIZE][SIZE=6][B]™
    [/B][/SIZE]
    [URL="http://forums.remote-exploit.org/showthread.php?t=9063"][B]VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial"[/B]
    [/URL]
    [URL="http://forums.remote-exploit.org/showthread.php?t=7872"][B]VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial"[/B]
    [/URL]
    [URL="http://forums.remote-exploit.org/showthread.php?t=8230"][B]VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial"[/B][/URL]

    [URL="http://forums.remote-exploit.org/showthread.php?t=8041"][B]VIDEO: Volume #4 "E-Z Cracking WPA/WPA2 With Airolib-ng Databases"[/B][/URL]
    [/CENTER]

  3. #3
    Just burned his ISO
    Join Date
    Sep 2007
    Posts
    13

    Default

    This is being done on the hand me down test network just put in the office. Completely off the actual network. My group built this so we could test and destroy at will and not hurt the live network. No No I would not be trying this on the live system, boss doesn't mind us beating up a test lap but the real deal would not go over so well. :-)

  4. #4
    Just burned his ISO
    Join Date
    Sep 2007
    Posts
    13

    Default

    Interesting find, if I create a new local user, I called it dave. Set the password and in Hydra, under the username just put in dave with no machine name everything runs and password is shown. If I put in administrator it says it finishes but does not display anything. Why would it work with one and not the other??

  5. #5
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    Default

    Quote Originally Posted by LunchBox View Post
    Interesting find, if I create a new local user, I called it dave. Set the password and in Hydra, under the username just put in dave with no machine name everything runs and password is shown. If I put in administrator it says it finishes but does not display anything. Why would it work with one and not the other??
    What happens if you don't specify a machine name with the admin account? Also..is the admin account really called administrator?? Do a net view from a windows command prompt( not sure exactly how this works under Linux) and make sure the admin account is really called or labeled administrator. Also..I believe Hydra is case sensitive.

    <Wish I had my laptop up and running to help you better>
    [CENTER][FONT=Book Antiqua][SIZE=5][B][COLOR=blue][FONT=Courier New][COLOR=red]--=[/COLOR][/FONT]Xploitz[FONT=Courier New][COLOR=red]=--[/COLOR][/FONT][/COLOR][/B][/SIZE][/FONT][FONT=Courier New][COLOR=Black][SIZE=6][B] ®[/B][/SIZE][/COLOR][/FONT][/CENTER]
    [CENTER][SIZE=4][B]Remote-Exploit.orgs Master Tutorialist.[/B][/SIZE][SIZE=6][B]™
    [/B][/SIZE]
    [URL="http://forums.remote-exploit.org/showthread.php?t=9063"][B]VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial"[/B]
    [/URL]
    [URL="http://forums.remote-exploit.org/showthread.php?t=7872"][B]VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial"[/B]
    [/URL]
    [URL="http://forums.remote-exploit.org/showthread.php?t=8230"][B]VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial"[/B][/URL]

    [URL="http://forums.remote-exploit.org/showthread.php?t=8041"][B]VIDEO: Volume #4 "E-Z Cracking WPA/WPA2 With Airolib-ng Databases"[/B][/URL]
    [/CENTER]

  6. #6
    Just burned his ISO
    Join Date
    Sep 2007
    Posts
    13

    Default

    If I do or don't specify a machine name the outcome is the same with the Administrator account. It does say the attack finished but does not give me any results :-(

    I did double and triple check that the username is actually Administrator. I figured Hydra might be case sensitive so I made sure I am typing it correctly also. Getting frustrated on this one so i'm off to lunch for now :-)

  7. #7
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    Did you make the password for Dave the same as the password for Administrator? The Administrator bruteforce may have just completed without a match.

    If it's the same password for both accounts then there's a bigger issue at play.

  8. #8
    Just burned his ISO
    Join Date
    Sep 2007
    Posts
    13

    Default

    Should have posted that both accounts have the same exact password

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •