hydra

読み方

hydra

ひゅどらー

概要

hydra という言葉は、ギリシャ神話ヒュドラで、９頭の大蛇です。

THC-Hydra は、多くのサービスをサポートした非常に高速なネットワークログインクラッカー(Network Login Cracker)です。

hydra は、以下の特徴があります。

• IPv6 のサポート
• GUI
• 国際化(RFC4013)
• HTTP プロキシのサポート
• SOCKS プロキシのサポート

medusa や ncrack よりも特徴が豊富です。

サービスのカバレッジは

• CVS
• FTP
• HTTP, HTTP フォーム, HTTP プロキシ,
• ICQ
• IRC
• LDAP
• MySQL , Oracle
• POP3 , SMTP
• ssh, telnet, rsh

など、多くのサービスをサポートしています。

インストール

FreeBSDにインストールする場合

ports コレクションからインストールする場合

cd /usr/ports/security/hydra
sudo make install clean

pkgコマンドでインストールする場合

sudo pkg install hydra

portmasterコマンドでインストールする場合

sudo portmaster -y -d /usr/ports/security/hydra

portinstallコマンドでインストールする場合

sudo portinstall /usr/ports/security/hydra

インストールされるファイル

FreeBSD にインストールされたファイルです。

% pkg_info -L hydra-7.4.2
Information for hydra-7.4.2:
 
Files:
/usr/local/bin/hydra
/usr/local/bin/pw-inspector
/usr/local/bin/dpl4hydra.sh
/usr/local/share/licenses/hydra-7.4.2/catalog.mk
/usr/local/share/licenses/hydra-7.4.2/LICENSE
/usr/local/share/licenses/hydra-7.4.2/GPLv3
/usr/local/man/man1/hydra.1.gz
/usr/local/man/man1/pw-inspector.1.gz

使い方

% hydra -l root -P pass.dict -e ns localhost ssh

% hydra
Hydra v7.4.2 (c)2012 by van Hauser/THC & David Maciejak - for legal purposes only
 
Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr] [-o
FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT] [-x
MIN:MAX:CHARSET] [-SuvV46] [server service
[OPT]]|[service://server[:PORT][/OPT]]
 
Options:
  -R        restore a previous aborted/crashed session
  -S        perform an SSL connect
  -s PORT   if the service is on a different default port, define it here
  -l LOGIN or -L FILE  login with LOGIN name, or load several logins from FILE
  -p PASS  or -P FILE  try password PASS, or load several passwords from FILE
  -x MIN:MAX:CHARSET  password bruteforce generation, type "-x -h" to get help
  -e nsr    try "n" null password, "s" login as pass and/or "r" reversed login
  -u        loop around users, not passwords (effective! implied with -x)
  -C FILE   colon separated "login:pass" format, instead of -L/-P options
  -M FILE   list of servers to be attacked in parallel, one entry per line
  -o FILE   write found login/password pairs to FILE instead of stdout
  -f / -F   exit when a login/pass pair is found (-M: -f per host, -F global)
  -t TASKS  run TASKS number of connects in parallel (per host, default: 16)
  -w / -W TIME  waittime for responses (32s) / between connects per thread
  -4 / -6   prefer IPv4 (default) or IPv6 addresses
  -v / -V / -d  verbose mode / show login+pass for each attempt / debug mode
  -U        service module usage details
  server    the target server (use either this OR the -M option)
  service   the service to crack. Supported protocols: cisco cisco-enable cvs
  ftp ftps http[s]-{head|get} http[s]-{get|post}-form http-proxy
  http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] mssql
	mysql(v4) nntp oracle-listener oracle-sid pcanywhere pcnfs pop3[s] rdp
	rexec rlogin rsh sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn
	teamspeak telnet[s] vmauthd vnc xmpp
  OPT       some service modules support additional input (-U for module help)
Use HYDRA_PROXY_HTTP/HYDRA_PROXY and HYDRA_PROXY_AUTH environment for a proxy.
 
Hydra is a tool to guess/crack valid login/password pairs - usage only allowed
for legal purposes.  Newest version available at http://www.thc.org/thc-hydra
The following services were not compiled in: postgres sapr3 firebird afp ncp oracle mysql5.
 
Examples:
  hydra -l john -p doe 192.168.0.1 ftp
  hydra -L user.txt -p defaultpw -S 192.168.0.1 imap PLAIN
  hydra -l admin -P pass.txt http-proxy://192.168.0.1
  hydra -C defaults.txt -6 pop3s://[fe80::2c:31ff:fe12:ac11]:143/DIGEST-MD5

% /usr/local/bin/pw-inspector
PW-Inspector v0.2 (c) 2005 by van Hauser / THC vh@thc.org [http://www.thc.org]
 
Syntax: /usr/local/bin/pw-inspector [-i FILE] [-o FILE] [-m MINLEN] [-M MAXLEN]
[-c MINSETS] -l -u -n -p -s
 
Options:
  -i FILE    file to read passwords from (default: stdin)
  -o FILE    file to write valid passwords to (default: stdout)
  -m MINLEN  minimum length of a valid password
  -M MAXLEN  maximum length of a valid password
  -c MINSETS the minimum number of sets required (default: all given)
Sets:
  -l         lowcase characters (a,b,c,d, etc.)
  -u         upcase characters (A,B,C,D, etc.)
  -n         numbers (1,2,3,4, etc.)
  -p         printable characters (which are not -l/-n/-p, e.g. $,!,/,(,*, etc.)
  -s         special characters - all others not withint the sets above
 
PW-Inspector reads passwords in and prints those which meet the requirements.
The return code is the number of valid passwords found, 0 if none was found.
Use for security: check passwords, if 0 is returned, reject password choice.
Use for hacking: trim your dictionary file to the pw requirements of the target.
Usage only allowed for legal purposes.

関連項目

• パスワードクラック