Example with Username Set to “administrator”
hydra -l administrator -P password.txt
Example with Username Set to username list
hydra -L users.txt -P password.txt
Note: We need to define the location of the username/password list file for hydra to work.
Cracking Services with Hydra
Let’s start by cracking an ftp password with hydra, which is one of the most commonly found
services. For that, we need an ftp service to be running on the target. Consider the target machine
having an IP address of 192.168.75.40.
By performing a simple port scan with nmap we figure out that the target machine is running
an FTP server at port 21.
Looking at the other services such as Ms-term-serv and Netbios, we can conclude that the FTP
server is being run on the Windows operating system which has the username “administrator” by
default. (We can also verify it by performing an OS detection with nmap) So we can specify the
username as “administrator” in hydra, which can save us some time, but it’s recommended that
you use a wordlist.
Now in order to use hydra to brute-force the ftp password, we need to issue the following
command:
hydra -l administrator -P /pentest/passwords/wordlist/darkcode.lst 192.168.75.140 ftp
The command is very simple. We have specified the username as “administrator” followed by
the -P parameter and the location of the wordlist. In BackTrack, the default list is
located in the /pentest/passwords/wordlist/ directory.
Notice that hydra has managed to find the password: “aedis”. While this brute-force
attack was running, a huge amount of traffic was noticed on the server end, and in the FTP logs we
could see hydra in action, where it left a large trail of log entries. These brute force attacks are not recommended.
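The log trail described above is what a defender keys on. The following Python script is an added example, not code from the book: it flags any source address that produces a burst of failed FTP logins and notes when a login succeeds right after the burst. The log layout, sample lines, addresses and thresholds are constructed assumptions; 530 and 230 are the standard FTP replies for "not logged in" and "user logged in".

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not taken from the book). Assumed, simplified layout,
# sorted by time: "<ISO timestamp> <client IP> <FTP command> <FTP reply code>"
SAMPLE_LOG = """\
2024-01-01T10:00:00 192.168.75.20 PASS 530
2024-01-01T10:00:09 192.168.75.20 PASS 230
2024-01-01T10:05:00 192.168.75.10 PASS 530
2024-01-01T10:05:01 192.168.75.10 PASS 530
2024-01-01T10:05:01 192.168.75.10 PASS 530
2024-01-01T10:05:02 192.168.75.10 PASS 530
2024-01-01T10:05:02 192.168.75.10 PASS 530
2024-01-01T10:05:03 192.168.75.10 PASS 530
2024-01-01T10:05:04 192.168.75.10 PASS 230
"""

def detect_bruteforce(log_text, max_failures=5, window_seconds=60):
    """Return {ip: {"failures": n, "success_after_burst": bool}} for noisy sources."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> timestamps of failed logins inside the window
    alerts = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != "PASS":
            continue              # skip malformed lines and non-login commands
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue              # skip lines with an unparsable timestamp
        ip, code = parts[1], parts[3]
        fails = recent[ip]
        while fails and ts - fails[0] > window:
            fails.popleft()       # expire failures that fell out of the window
        if code == "530":         # 530 = not logged in
            fails.append(ts)
            if len(fails) >= max_failures:
                alert = alerts.setdefault(ip, {"failures": 0, "success_after_burst": False})
                alert["failures"] = max(alert["failures"], len(fails))
        elif code == "230" and ip in alerts and fails:
            # A login that succeeds right after a burst means a password was guessed.
            alerts[ip]["success_after_burst"] = True
    return alerts

if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

A source flagged with success_after_burst set is the case to act on first: the account's password should be treated as known to whoever ran the guessing.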
Now that we know the username and the password for the FTP server, we can try logging in.
Type in “ftp” followed by the server name. It will ask for the username and password. After entering
them, we will be able to log in to the FTP server, where we can issue further commands.
In a similar manner, we can use Hydra to brute-force other services such as SSH, SMB,
and RDP. The method for cracking a webform is a bit different; however, there are much better
tools to do it than Hydra, which we will discuss when we reach the “Web Hacking” chapter
(Chapter 12).