THC-Hydra

A very fast network logon cracker which supports many different services. See the feature sets and services coverage page - incl. a speed comparison against ncrack and medusa

Current Version: 7.1 Last update 2011-10-01


 [0x00] News and Changelog

        Check out the feature sets and services coverage page - including a speed comparison against ncrack and medusa (yes, we win :-) )

        Read below for Ubuntu compilation notes.
        And there is a new section below for online tutorials.
        

        CHANGELOG for 7.1
        =================
        * Added HTTP Proxy URL enumeration module
        * Added SOCKS4/SOCKS5 proxy support with authentication
        * Added IPv6 support for SOCKS5 module
        * Added -e r option to try the reversed login as password
        * Rewrote -x functionality as the code caused too much trouble (thanks to murder.net7(at)gmail.com for reporting one of the issues)
        * Fixed a bug with multiple hosts (-M) and http modules against targets that are virtual servers. Well spotted by Tyler Krpata!
        * Fixed SVN IPv6 support and updated deprecated calls
        * Fixed RDP failed child connection returned value and false positive issues reported by Wangchaohui, thanks!
        * Fixed restore file functionality, was not working together with -o option
        * Fix in http-form module for bug introduced in 7.0
        * Fixed xhydra specific parameter value for http-proxy module
        * minor enhancements

	You can also take a look at the full CHANGES file


 [0x01] Introduction

	Welcome to the mini website of the THC Hydra project.

	Passwords are the number one security hole, as every password security study shows.
	Hydra is a parallelized login cracker which supports numerous protocols to attack. New modules
	are easy to add; besides that, it is flexible and very fast.

        Hydra was tested to compile on Linux, Windows/Cygwin, Solaris 11, FreeBSD 8.1 and OSX, and
        is made available under GPLv3 with a special OpenSSL license expansion.

	Currently this tool supports:
	  AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST,
	  HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD,
	  HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle,
	  PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, SMTP Enum,
	  SNMP, SOCKS5, SSH (v1 and v2), Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

        For HTTP, POP3, IMAP and SMTP, several login mechanisms like plain and MD5 digest etc. are supported.

	This tool is proof of concept code, to give researchers and security consultants the
	possibility to show how easy it would be to gain unauthorized remote access to a system.

        The program is maintained by van Hauser and David Maciejak.


 [0x02] Documentation 
 
	Hydra comes with a rather long README file that describes the
	details about the usage and special options.
	
	But sometimes detailed online help can vastly improve your efficiency.
	The following links on the global internet are a recommended read.
	
          General usage and options: http://www.aldeid.com/wiki/Thc-hydra

          HTTP basic auth: https://www.owasp.org/index.php/Testing_for_Brute_Force_%28OWASP-AT-004%29
                           http://www.sillychicken.co.nz/Security/how-to-brute-force-your-router-in-windows.html

          HTTP form based auth: http://www.art0.org/security/performing-a-dictionary-attack-on-an-http-login-form-using-hydra
                                http://insidetrust.blogspot.com/2011/08/using-hydra-to-dictionary-attack-web.html
                                http://www.sillychicken.co.nz/Security/how-to-brute-force-http-forms-in-windows.html
                                https://www.owasp.org/index.php/Testing_for_Brute_Force_%28OWASP-AT-004%29

          Multiple protocols: http://wiki.bywire.org/Hydra
                              http://www.attackvector.org/brute-force-with-thc-hydra/
                              http://www.madirish.net/content/hydra-brute-force-utility
          
          Telnet: http://www.theprohack.com/2009/04/basics-of-cracking-ftp-and-telnet.html
                  http://www.adeptus-mechanicus.com/codex/bflog/bflog.html
	
	If you find other good ones, just email them in ( vh(at)thc(dot)org ).


 [0x03] Compilation Help

        Hydra compiles fine on all platforms that have gcc - Linux, all BSD, Mac OS/X, Cygwin on Windows, Solaris, etc.
        It should even compile on historical SunOS, Ultrix etc. platforms :-)
        
        There are many optional modules for network protocols like SSH, SVN etc. that require libraries.
        If the libraries are not found, the corresponding optional modules will not be supported in your binary.
        
        If you are on Debian or Ubuntu Linux, the following command installs all necessary libraries:
 
          apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev libgtk2.0-dev \
                          libmysqlclient-dev libpq-dev libsvn-dev firebird2.1-dev libncp-dev
        
        This enables all optional modules and features with the exception of Oracle, SAP R/3 and the
        Apple filing protocol - which you will need to download and install from the vendor's web sites.
        
        For all other Linux derivatives and BSD based systems, use the system software installer and look for
        libraries named similarly to those in the command above.
        In all other cases you have to download all source libraries and compile them manually.
        

 [0x04] Disclaimer

	1. This tool is for legal purposes only!
	2. The GPLv3 applies to this code.
	3. A special license expansion for OpenSSL is included, which is required for the Debian people


 [0x05] Development & Contributions

	Your contributions are more than welcome!
	
	If you found bugs, coded enhancements or wrote a new attack module for a service,
	please send them to vh (at) thc (dot) org and add the word "antispam"
	in the subject line.

	Interesting attack modules would be:
	SNMPv3, OSPF, BGP, PIM, PPTP, ...
	(or anything else you might be able to do (and is not there yet))

 
 [0x06] Screenshots

	
	(1) Target selection

	
	(2) Login/Password setup

	
	(3) Hydra start and output


 [0x07] The Art of Downloading: Source and Binaries
 
	1. The source code of state-of-the-art Hydra: hydra-7.1-src.tar.gz
	   (compiles on all UNIX based platforms - even MacOS X, Cygwin on Windows, ARM-Linux, etc.)

	2. The source code of the stable tree of Hydra in case v7 gives you problems on unusual platforms:
	   hydra-5.9.1-src.tar.gz

	3. The Win32/Cygwin binary release: --- not anymore ---
	   Install cygwin from http://www.cygwin.com
	   and compile it yourself. If you do not have cygwin installed - how
	   do you think you will do proper security testing? duh ...

        4. ARM and Palm binaries here are old and no longer maintained:
	     ARM:  hydra-5.0-arm.tar.gz
             Palm: hydra-4.6-palm.zip


 Comments and suggestions are welcome.

 Yours sincerely,

 van Hauser
 The Hackers Choice
 http://www.thc.org/thc-hydra