Hydra 簡介:

? hydra是著名黑客組織thc的一款開源的暴力密碼破解工具，可以在線破解多種密碼奢赂。官網(wǎng)排霉，可支持AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP, SOCKS5, SSH (v1 and v2), Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP等類型密碼。

參數(shù)說明:

hydra

[[[-l LOGIN|-L FILE] [-p PASS|-P FILE|-x OPT -y]] | [-C FILE]]

[-e nsr] [-u] [-f|-F] [-M FILE] [-o FILE] [-b FORMAT]

[-t TASKS] [-T TASKS] [-w TIME] [-W TIME] [-m OPTIONS] [-s PORT]

[-c TIME] [-S] [-O] [-4|6] [-I] [-vV] [-d]

server service [OPTIONS]

? ? -R? ? restore? a? previously aborted session. Requires a hydra.restore file was written. Options are restored, but can be changed by

? ? ? ? ? setting them after -R on the command line

? ? ? ? ? ? 繼續(xù)從上一次進(jìn)度接著破解煮落。

? ? -S? ? connect via SSL

? ? ? ? ? ? 采用SSL鏈接敞峭。

? ? -O? ? use old SSL v2 and v3

? ? -s PORT

? ? ? ? ? if the service is on a different default port, define it here

? ? ? ? ? PORT 可通過這個參數(shù)指定非默認(rèn)端口

? ? -l LOGIN

? ? ? ? ? or -L FILE login with LOGIN name, or load several logins from FILE

? ? ? ? ? LOGIN 指定破解的用戶，對特定用戶破解蝉仇。

? ? -p PASS

? ? ? ? ? or -P FILE try password PASS, or load several passwords from FILE

? ? ? ? ? 指定特定密碼

? ? -x min:max:charset

? ? ? ? ? generate passwords from min to max length. charset can contain 1

? ? ? ? ? ? for numbers, a for lowcase and A for upcase characters.

? ? ? ? ? ? Any other character is added is put to the list.

? ? ? ? ? ? ? Example: 1:2:a1%.

? ? ? ? ? ? ? The generated passwords will be of length 1 to 2 and contain

? ? ? ? ? ? ? lowcase letters, numbers and/or percent signs and dots.

? ? -y? ? disable use of symbols in -x bruteforce, see above

? ? -e nsr additional checks, "n" for null password, "s" try login as pass, "r" try the reverse login as pass

? ? ? ? -e ns 可選選項(xiàng)旋讹，n：空密碼試探，s：使用指定用戶和密碼試探

? ? -C FILE

? ? ? ? ? colon separated "login:pass" format, instead of -L/-P options

? ? ? ? ? FILE 使用冒號分割格式轿衔，例如“登錄名:密碼”來代替-L/-P參數(shù)

? ? -u? ? by default Hydra checks all passwords for one login and then tries the next login. This option loops around? the? pass-

? ? ? ? ? words, so the first password is tried on all logins, then the next password.

? ? -f? ? exit after the first found login/password pair (per host if -M)

? ? ? ? ? 在使用-M參數(shù)以后骗村，找到第一對登錄名或者密碼的時候中止破解

? ? -F? ? exit after the first found login/password pair for any host (for usage with -M)

? ? -M FILE

? ? ? ? ? server list for parallel attacks, one entry per line

? ? -o FILE

? ? ? ? ? write found login/password pairs to FILE instead of stdout

? ? -b FORMAT

? ? ? ? ? specify the format for the -o FILE: text(default), json, jsonv1

? ? -t TASKS

? ? ? ? ? run TASKS number of connects in parallel (default: 16)

? ? -m OPTIONS

? ? ? ? ? module specific options. See hydra -U <module> what options are available.

? ? -w TIME

? ? ? ? ? defines the max wait time in seconds for responses (default: 32)

? ? ? ? ? -w TIME 設(shè)置最大超時的時間，單位秒呀枢，默認(rèn)是32s。

? ? -W TIME

? ? ? ? ? defines? a? wait? time? between? each connection a task performs. This usually only makes sense if a low task number is

? ? ? ? ? used, .e.g -t 1

? ? -c TIME

? ? ? ? ? the wait time in seconds per login attempt over all threads (-t 1 is recommended) This usually only makes? sense? if? a

? ? ? ? ? low task number is used, .e.g -t 1

? ? -4 / -6

? ? ? ? ? prefer IPv4 (default) or IPv6 addresses

? ? -v / -V

? ? ? ? ? verbose mode / show login+pass combination for each attempt

? ? -d? ? debug mode

? ? -I? ? ignore an existing restore file (dont wait 10 seconds)

? ? -h, --help

? ? ? ? ? Show summary of options.????

破解示例：

1笼痛、破解ssh:

hydra -l 用戶名 -p 密碼字典 -t 線程 -vV -e ns ip sshhydra -l 用戶名 -p 密碼字典 -t 線程 -o save.log -vV ip ssh

2裙秋、破解ftp:

hydra ip ftp -l 用戶名 -P 密碼字典 -t 線程(默認(rèn)16) -vVhydra ip ftp -l 用戶名 -P 密碼字典 -e ns -vV

3、get方式提交缨伊，破解web登錄:

hydra -l 用戶名 -p 密碼字典 -t 線程 -vV -e ns ip http-get /admin/hydra -l 用戶名 -p 密碼字典 -t 線程 -vV -e ns -f ip http-get /admin/index.php

4摘刑、post方式提交，破解web登錄:

hydra -l 用戶名 -P 密碼字典 -s 80 ip http-post-form "/admin/login.php:username=^USER^&password=^PASS^&submit=login:sorry password"

hydra -t 3 -l admin -P pass.txt -o out.txt -f 192.168.1.1 http-post-form "login.php:id=^USER^&passwd=^PASS^:<title>wrong username or password</title>"

（參數(shù)說明：-t同時線程數(shù)3刻坊，-l用戶名是admin枷恕，字典pass.txt，保存為out.txt谭胚，-f 當(dāng)破解了一個密碼就停止徐块， 192.168.1.1?目標(biāo)ip，http-post-form表示破解是采用http的post方式提交的表單密碼破解,中的內(nèi)容是表示錯誤猜解的返回信息提示灾而。）

破解https:

hydra -m /index.php -l muts -P pwd.txt 192.168.1.1?https

破解teamspeak

hydra -l 用戶名 -P 密碼字典 -s 端口號 -vV ip teamspeak

破解cisco:

hydra -P pass.txt 192.168.1.1? ciscohydra -m cloud -P pass.txt 192.168.1.1? cisco-enable

破解smb:

hydra -l administrator -P pass.txt 192.168.1.1? smb

破解pop3:

hydra -l muts -P pass.txt my.pop3.mail pop3

破解rdp:

hydra ip rdp -l administrator -P pass.txt -V

破解http-proxy:

hydra -l admin -P pass.txt http-proxy://10.36.16.1

破解imap:

hydra -L user.txt -p secret 192.168.1.1? imap PLAINhydra -C defaults.txt -6 imap://[fe80::2c:31ff:fe12:ac12]:143/PLAIN