Difference between revisions of "hydra"
From: セキュリティ (Security)
Revision as of 00:11, 9 April 2013 (Tue)
Pronunciation
- hydra
- ひゅどらー (hyudorā)
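Overview
The word hydra comes from the Hydra of Greek mythology, a nine-headed serpent.
THC-Hydra is a very fast network login cracker that supports many services.
hydra has the following features.
- IPv6 support
- GUI
- Internationalization (RFC 4013)
- HTTP proxy support
- SOCKS proxy support
Its service coverage includes
and many other services.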
Installation
Installing on FreeBSD
Installing from the ports collection
cd /usr/ports/security/hydra
sudo make install clean
Installing with the pkg command
sudo pkg install hydra
Installing with the portmaster command
sudo portmaster -y -d /usr/ports/security/hydra
Installing with the portinstall command
sudo portinstall /usr/ports/security/hydra
Installed files
These are the files installed on FreeBSD.
% pkg_info -L hydra-7.4.2
Information for hydra-7.4.2:

Files:
/usr/local/bin/hydra
/usr/local/bin/pw-inspector
/usr/local/bin/dpl4hydra.sh
/usr/local/share/licenses/hydra-7.4.2/catalog.mk
/usr/local/share/licenses/hydra-7.4.2/LICENSE
/usr/local/share/licenses/hydra-7.4.2/GPLv3
/usr/local/man/man1/hydra.1.gz
/usr/local/man/man1/pw-inspector.1.gz
Usage
% hydra -l root -P pass.dict -e ns localhost ssh
% hydra
Hydra v7.4.2 (c)2012 by van Hauser/THC & David Maciejak - for legal purposes only

Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT] [-x MIN:MAX:CHARSET] [-SuvV46] [server service [OPT]]|[service://server[:PORT][/OPT]]

Options:
  -R        restore a previous aborted/crashed session
  -S        perform an SSL connect
  -s PORT   if the service is on a different default port, define it here
  -l LOGIN or -L FILE  login with LOGIN name, or load several logins from FILE
  -p PASS  or -P FILE  try password PASS, or load several passwords from FILE
  -x MIN:MAX:CHARSET  password bruteforce generation, type "-x -h" to get help
  -e nsr    try "n" null password, "s" login as pass and/or "r" reversed login
  -u        loop around users, not passwords (effective! implied with -x)
  -C FILE   colon separated "login:pass" format, instead of -L/-P options
  -M FILE   list of servers to be attacked in parallel, one entry per line
  -o FILE   write found login/password pairs to FILE instead of stdout
  -f / -F   exit when a login/pass pair is found (-M: -f per host, -F global)
  -t TASKS  run TASKS number of connects in parallel (per host, default: 16)
  -w / -W TIME  waittime for responses (32s) / between connects per thread
  -4 / -6   prefer IPv4 (default) or IPv6 addresses
  -v / -V / -d  verbose mode / show login+pass for each attempt / debug mode
  -U        service module usage details
  server    the target server (use either this OR the -M option)
  service   the service to crack. Supported protocols: cisco cisco-enable cvs ftp ftps http[s]-{head|get} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] mssql mysql(v4) nntp oracle-listener oracle-sid pcanywhere pcnfs pop3[s] rdp rexec rlogin rsh sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak telnet[s] vmauthd vnc xmpp
  OPT       some service modules support additional input (-U for module help)

Use HYDRA_PROXY_HTTP/HYDRA_PROXY and HYDRA_PROXY_AUTH environment for a proxy.
Hydra is a tool to guess/crack valid login/password pairs - usage only allowed
for legal purposes. Newest version available at http://www.thc.org/thc-hydra
The following services were not compiled in: postgres sapr3 firebird afp ncp oracle mysql5.

Examples:
  hydra -l john -p doe 192.168.0.1 ftp
  hydra -L user.txt -p defaultpw -S 192.168.0.1 imap PLAIN
  hydra -l admin -P pass.txt http-proxy://192.168.0.1
  hydra -C defaults.txt -6 pop3s://[fe80::2c:31ff:fe12:ac11]:143/DIGEST-MD5
% /usr/local/bin/pw-inspector
PW-Inspector v0.2 (c) 2005 by van Hauser / THC vh@thc.org [http://www.thc.org]

Syntax: /usr/local/bin/pw-inspector [-i FILE] [-o FILE] [-m MINLEN] [-M MAXLEN] [-c MINSETS] -l -u -n -p -s

Options:
  -i FILE    file to read passwords from (default: stdin)
  -o FILE    file to write valid passwords to (default: stdout)
  -m MINLEN  minimum length of a valid password
  -M MAXLEN  maximum length of a valid password
  -c MINSETS the minimum number of sets required (default: all given)
Sets:
  -l         lowcase characters (a,b,c,d, etc.)
  -u         upcase characters (A,B,C,D, etc.)
  -n         numbers (1,2,3,4, etc.)
  -p         printable characters (which are not -l/-n/-p, e.g. $,!,/,(,*, etc.)
  -s         special characters - all others not withint the sets above

PW-Inspector reads passwords in and prints those which meet the requirements.
The return code is the number of valid passwords found, 0 if none was found.
Use for security: check passwords, if 0 is returned, reject password choice.
Use for hacking: trim your dictionary file to the pw requirements of the target.
Usage only allowed for legal purposes.
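
A defender-side check built from the options shown above, as an added example that is not part of the original page or of THC-Hydra: it rejects a password that the `-e nsr` guesses would hit and applies pw-inspector-style length and character-set rules. The function names, the default thresholds, and the reading of the `-p` and `-s` sets are assumptions.

```python
import string

# Character sets modelled on pw-inspector's -l/-u/-n/-p options.
# Assumption: "-p" is read as ASCII punctuation, and "-s" as any
# character that falls outside the four named sets.
SETS = {
    "l": set(string.ascii_lowercase),
    "u": set(string.ascii_uppercase),
    "n": set(string.digits),
    "p": set(string.punctuation),
}


def sets_used(password):
    """Return the set letters (l, u, n, p, s) the password draws on."""
    used = set()
    for ch in password:
        for name, chars in SETS.items():
            if ch in chars:
                used.add(name)
                break
        else:
            used.add("s")  # not in any named set
    return used


def trivial_guess(login, password):
    """Name the `-e nsr` guess that equals the password, or None."""
    if password == "":
        return "n"  # null password
    if password == login:
        return "s"  # login used as the password
    if password == login[::-1]:
        return "r"  # reversed login
    return None


def review_password(login, password, min_len=8, max_len=64,
                    required="lunp", min_sets=3):
    """Return a list of rejection reasons; an empty list means accept."""
    reasons = []
    guess = trivial_guess(login, password)
    if guess:
        reasons.append("matched by -e " + guess)
    if not min_len <= len(password) <= max_len:
        reasons.append("length outside %d..%d" % (min_len, max_len))
    hits = len(sets_used(password) & set(required))
    if hits < min_sets:
        reasons.append("only %d of %d required sets" % (hits, min_sets))
    return reasons
```

An empty return value corresponds to pw-inspector printing the password; any reason in the list corresponds to the "reject password choice" case.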