hydra篇 — hydra的使用说明
介紹:
每個密碼安全性研究都顯示,最大的安全漏洞是密碼。該工具是概念證明代碼,旨在為研究人員和安全顧問提供可能性,以顯示從遠(yuǎn)程訪問系統(tǒng)的未經(jīng)授權(quán)的訪問將是多么容易。
此工具僅用于法律目的!
已經(jīng)有幾種登錄黑客工具可用,但是,沒有一個工具支持多種協(xié)議來攻擊或支持并行連接。
經(jīng)過測試,可以在Linux,Windows / Cygwin,Solaris,FreeBSD / OpenBSD,QNX(Blackberry 10)和MacOS上進(jìn)行干凈編譯。
當(dāng)前,該工具支持以下協(xié)議:
Asterisk,AFP,Cisco AAA,Cisco auth,Cisco enable,CVS,Firebird,FTP,HTTP-FORM-GET, HTTP-FORM-POST,HTTP-GET,HTTP-HEAD,HTTP-POST ,HTTP-PROXY,HTTPS-FORM-GET, HTTPS-FORM-POST,HTTPS-GET,HTTPS-HEAD,HTTPS-POST,HTTP-Proxy,ICQ,IMAP,IRC, LDAP,MEMCACHED,MONGODB,MS-SQL,MYSQL ,NCP,NNTP,Oracle Listener,Oracle SID, Oracle,PC-Anywhere,PCNFS,POP3,POSTGRES,Radmin,RDP,Rexec,Rlogin,Rsh,RTSP, SAP / R3,SIP,SMB,SMTP,SMTP枚舉,SNMP v1 + v2 + v3,SOCKS5,SSH(v1和v2),SSHKEY, Subversion,Teamspeak(TS2),Telnet,VMware-Auth,VNC和XMPP但是,用于新服務(wù)的模塊引擎非常容易,因此不需要很長時間,直到支持更多服務(wù)。非常感謝您在編寫,增強(qiáng)或修復(fù)模塊方面的幫助!!:-)
?
在哪里獲得
您隨時可以在其項目頁面上找到hydra的最新發(fā)行版/生產(chǎn)版本,網(wǎng)址為https://github.com/vanhauser-thc/thc-hydra/releases?如果您對當(dāng)前的開發(fā)狀態(tài)感興趣,請訪問公共開發(fā)資料庫。 Github:svn co?https://github.com/vanhauser-thc/thc-hydra?或git clone?https://github.com/vanhauser-thc/thc-hydra?使用開發(fā)版本需要您自擔(dān)風(fēng)險。它包含新功能和新錯誤。事情可能不起作用!
?
?
安裝工具
yum -y install wget #下載阿里云yum源 wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo yum clean all && yum makecache yum -y install gcc libssh-devel openssl-devel unzip zip lib* gcc*?
Hydra安裝部署
wget --no-warc-compression https://github.com/vanhauser-thc/thc-hydra/archive/v9.1.tar.gz wget https://github.com/vanhauser-thc/thc-hydra/archive/master.zip [root@localhost ~]# ls anaconda-ks.cfg master.zip v9.1.tar.gz#Tar工具解壓Hydra軟件包 tar -xzvf v9.1.tar.gz [root@localhost ~]# ls anaconda-ks.cfg master.zip thc-hydra-9.1 v9.1.tar.gz#Cd切換至源代碼目錄 && 執(zhí)行預(yù)編譯Hydra && 編譯 && 安裝 ./configure make make install?
查看版本及其用法
[root@localhost thc-hydra-9.1]# hydra
Hydra v9.1 (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT] [-x MIN:MAX:CHARSET] [-c TIME] [-ISOuvVd46] [-m MODULE_OPT] [service://server[:PORT][/OPT]]
Options:
? -l LOGIN or -L FILE ?login with LOGIN name, or load several logins from FILE
? -p PASS ?or -P FILE ?try password PASS, or load several passwords from FILE
? -C FILE ? colon separated "login:pass" format, instead of -L/-P options
? -M FILE ? list of servers to attack, one entry per line, ':' to specify port
? -t TASKS ?run TASKS number of connects in parallel per target (default: 16)
? -U ? ? ? ?service module usage details
? -m OPT ? ?options specific for a module, see -U output for information
? -h ? ? ? ?more command line options (COMPLETE HELP)
? server ? ?the target: DNS, IP or 192.168.0.0/24 (this OR the -M option)
? service ? the service to crack (see below for supported protocols)
? OPT ? ? ? some service modules support additional input (-U for module help)
Supported services: adam6500 asterisk cisco cisco-enable cvs ftp[s] http[s]-{head|get|post} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] mssql mysql(v4) nntp oracle-listener oracle-sid pcanywhere pcnfs pop3[s] redis rexec rlogin rpcap rsh rtsp s7-300 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey teamspeak telnet[s] vmauthd vnc xmpp
Hydra is a tool to guess/crack valid login/password pairs.
Licensed under AGPL v3.0. The newest version is always available at;
https://github.com/vanhauser-thc/thc-hydra
Please don't use in military or secret service organizations, or for illegal
purposes. (This is a wish and non-binding - most such people do not care about
laws and ethics anyway - and tell themselves they are one of the good ones.)
Example: ?hydra -l user -P passlist.txt ftp://192.168.0.1
?
?
說明:
--no-check-certificate? 不檢查證書
?
相關(guān)報錯:
報錯1:
[root@localhost ~]# wget ?--no-warc-compression ??https://github.com/vanhauser-thc/thc-hydra/archive/v9.1.tar.gz
?https://github.com/vanhauser-thc/thc-hydra/archive/v9.1.tar.gz: 地址缺少協(xié)議類型.
?
# wget? --no-warc-compression? https://github.com/vanhauser-thc/thc-hydra/archive/v9.1.tar.gz
原因:該命令行出現(xiàn)了多余的空格
?
?
報錯2:
[root@localhost thc-hydra-9.1]# ./configure?
Starting hydra auto configuration ...
Detected 64 Bit Linux OS
Checking for zlib (libz/zlib.h) ...
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ... zlib not found, gzip support disabled
Checking for openssl (libssl/libcrypto/ssl.h/sha.h) ...
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ... NOT found, SSL support disabled
Get it from http://www.openssl.org
Checking for gcrypt (libgcrypt/gpg-error.h) ...
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ... gcrypt not found, radmin2 module disabled
Checking for idn (libidn) ...
? ? ? ? ? ? ? ? ? ? ? ? ? ... NOT found, unicode logins and passwords will not be supported
Checking for curses (libcurses/term.h) ...
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?... NOT found, color output disabled
Checking for pcre (libpcre/pcre.h) ...
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?... NOT found, server response checks will be less reliable
Checking for Postgres (libpq/libpq-fe.h) ...
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?... NOT found, module postgres disabled
Checking for SVN (libsvn_client-1/libapr-1/libaprutil-1) ...
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?... NOT found, module svn disabled
Checking for firebird (libfbclient) ...
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ... NOT found, module firebird disabled
Checking for MYSQL client (libmysqlclient/math.h) ...
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?... math.h not found, module Mysql disabled
Checking for AFP (libafpclient) ...
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ... NOT found, module Apple Filing Protocol disabled - Apple sucks anyway
Checking for NCP (libncp/nwcalls.h) ...
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ... NOT found, module NCP disabled
Checking for SAP/R3 (librfc/saprfc.h) ...
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ... NOT found, module sapr3 disabled
Get it from http://www.sap.com/solutions/netweaver/linux/eval/index.asp
Checking for libssh (libssh/libssh.h) ...
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ... NOT found, module ssh disabled
Get it from http://www.libssh.org
Checking for Oracle (libocci/libclntsh/oci.h/libaio/liboci) ...
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ... NOT found, module Oracle disabled
Get basic and sdk package from http://www.oracle.com/technetwork/database/features/instant-client/index.html
Checking for Memcached (libmemcached/memcached.h) ...
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ... NOT found, module memcached disabled
Checking for Freerdp3 (libfreerdp3/freerdp.h/libwinpr3/winpr.h) ...
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ... NOT found, checking for freerdp2 module next...
Checking for Freerdp2 (libfreerdp2/freerdp.h/libwinpr2/winpr.h) ...
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ... NOT found, module rdp disabled
Checking for Mongodb (libmongoc-1.0/mongoc.h/libbson-1.0/bson.h) ...
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?... NOT found, module mongodb disabled
Checking for smbclient (libsmbclient/libsmbclient.h) ...
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?... NOT found, module smb2 disabled
Checking for GUI req's (pkg-config/gtk+-2.0) ...
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?... NOT found, optional anyway
Checking for Android specialities ...
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ... strrchr() not found
Checking for secure compile option support in gcc ...
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? Compiling... no
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? Linking... no
Hydra will be installed into .../bin of: /usr/local
? (change this by running ./configure --prefix=path)
Writing Makefile.in ...
now type "make"
?
解決:
yum -y install gcc libssh-devel openssl-devel unzip zip lib* gcc*
參考:
總結(jié)
以上是生活随笔為你收集整理的hydra篇 — hydra的使用说明的全部內(nèi)容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: 豆瓣电台歌曲链接信息
- 下一篇: mysql脏写_图解脏写、脏读、不可重复