THC-HYDRA - fast and flexible network login hacker

 THC-Hydra

 A very fast network logon cracker which support many different services
 hydra-5.7-src.tar.gz

 Last update 2010-06-14


 [0x00] News and Changelog

        Good news: hydra is now maintained again by me! (as of June 2010),
        and is now under GPLv3!
        
        another good news (for me): no more windows .exe cygwin port. So
        many clueless people hassled me why hydra.exe does not work for them
        when they double-click on it ... duh

        And finally: a new version of hydra :-)


	CHANGELOG for 5.7: (last public version was 5.4)
	###########
	* Added ncp support plus minor fixes (by David Maciejak @ GMAIL dot com)
	* Added an old patch to fix a memory from SSL and speed it up too from kan(at)dcit.cz
	* Removed unnecessary compiler warnings
	* Enhanced the SSH2 module based on an old patch from aris(at)0xbadc0de.be
	* Fixed small local defined overflow in the teamspeak module. Does it still work anyway??
	 
	Release 5.6  PRIVATE VERSION
	###########
	* Moved to GPLv3 License (lots of people wanted that)
	* Upgraded ssh2 module to libssh-0.4.x (thanks to aris (at) 0xbadc0de.be for the 0.2 basis)
	* Added firebird support (by David Maciejak @ GMAIL dot com)
	* Added SIP MD5 auth patch (by Jean-Baptiste Aviat jba [at] hsc [dot] `french tld')
	* Removed Palm and ARM support
	* Fix for cygwin which falsely detected postgres library when there was none.
	* Several small bugfixes

	Have fun!


 [0x01] Introduction

	Welcome to the mini website of the THC Hydra project.

	Number one of the biggest security holes are passwords, as every password security study shows.
	Hydra is a parallized login cracker which supports numerous protocols to attack. New modules
	are easy to add, beside that, it is flexible and very fast.

	Currently this tool supports:
	  TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, SMB, SMBNT, MS-SQL, MYSQL, REXEC,
          RSH, RLOGIN, CVS, SNMP, SMTP-AUTH, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS,
          ICQ, SAP/R3, LDAP2, LDAP3, Postgres, Teamspeak, Cisco auth, Cisco enable,
          LDAP2, Cisco AAA (incorporated in telnet module).

	This tool is a proof of concept code, to give researchers and security
	consultants the possiblity to show how easy it would be to gain unauthorized
	access from remote to a system.


 [0x02] Disclaimer

	1. This tool is for legal purposes only!
	2. The GPLv3 applies to this code.


 [0x03] Documentation 
 
	Hydra comes with a rather long README file that describes the
	details about the usage and special options.


 [0x04] Development & Contributions

	Your contributions are more than welcomed!
	
	If you find bugs, coded enhancements or wrote a new attack module for a service,
	please send them to vh (at) thc (dot) org and add the word "antispam"
	in the subject line.

	Interesting attack modules would be:
	Subversion, Oracle SQL*Net, HTTP-NTLM, PPPoE, PPTP, ...
	(or anything else you might be able to do (and is not there yet))

 
 [0x05] Screenshots

	
	(1) Target selection

	
	(2) Login/Password setup

	
	(3) Hydra start and output


 [0x06] The Art of Downloading: Source and Binaries
 
	For your pleasure, Hydra comes as source and binary release.

	1. The source code of Hydra: hydra-5.7-src.tar.gz
	   (compiles on all UNIX based platforms - even MacOS X, Cygwin on Windows, ARM-Linux, etc.)

	2. The Win32/Cywin binary release: --- not anymore ---
	   Install cygwin from http://www.cygwin.com
	   and compile it yourself. If you do not have cygwin installed - how
	   do you think you will do proper securiy testing? duh ...

        3. ARM and Palm binaries here are old and not longer maintained:
	     ARM:  hydra-5.0-arm.tar.gz
             Palm: hydra-4.6-palm.zip


 Comments and suggestions are welcome.

 Yours sincerly,

 van Hauser
 The Hackers Choice
 http://freeworld.thc.org