Hack Reports

THC-HYDRA UPDATED - A FASTER 8.1 VERSION RELEASED!

Geetansh Jindal -

THC-HYDRA UPDATED - A FASTER 8.1 VERSION RELEASED!

THC Hydra is often a tool of choice when you aim to crack a remote authentication service. Rapid dictionary attacks to brute force crack the security holes : the security passwords is what Hydra is known to endeavor. Now, that too with fast and easy to inculcate modules provided in a new version: version 8.1.

THC-hydra is known to perform against more than 30 protocols, namely :

  • Linux ,Windows/Cygwin,
  • Solaris 11, FreeBSD 8.1 and OSX,
  • Cisco AAA, Cisco auth, Cisco enable,
  • CVS, Firebird,
  • HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY.
  • ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP,
  • Oracle Listener, Oracle SID, Oracle, PC-Anywhere,
  • PNFS, POP3, POSTGRES,
  • RDP, Rexec, Rlogin, Rsh,
  • SAP/R3, SIP, SMB,
  • SMTP, SMTP Enum, SNMP,
  • SOCKS5, SSH (v1 and v2),
  • Subversion, Teamspeak (TS2),
  • Telnet, VMware-Auth,
  • VNC and XMPP.

New amendments :

  • Development shifted to https://github.com/vanhauser-thc/thc-hydra  ;a public github repository.

  • A patch allowing h/H header options for http-forms-* added (credits to Ander Juaristi).

  • Cracked login:password combinations, now printed with hostname or IP and not always with IP.

  • Enrichment of -M for better and more target distribution.

  • Enhanced -M to support ports,colon(:) addition in “host:port” ; “[ipv6ipaddress]:port” in case of ipv6.

  • Cisco-enabled in case of usage of initial Login/password (credits to Joswrite for reporting).

  • Patch-addition allowing better MySQL compilation and an android file and Makefile (credits to tux-mind).

  • Inclusion of xhydra gtk patches supporting -h, -U, -f , -F,-q and -e r options (credits to Petar Kaleychev).

  • For better identification of server errors and auth failures, a patch for teamspeak has been added (credits to Petar Kaleychev).

  • Rectification of cisco module crash (credits to Anatoly mamaev for reporting).

  • HTTP form module remedied for redirection of pages where S=string match wouldn’t work.

  • Configure updated to detect subversion packages on current Cygwin.

  • Applied Limitations to avoid lofty and deleterious input files for -L, -P, -C, and -M.

  • RDP module remedied to support the port options (credits to and.enshine@gmail.com).

Supported Platforms :

  • All UNIX platforms (linux, *bsd, solaris, etc.);
  • Mac OS/X;
  • Windows with Cygwin (both IPv4 and IPv6);
  • Linux, Mac OS/X or QNX-based mobile systems (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq).

COMPILATION :

  • Start by typing in:

./configure
            make
            make install
Installation,configuration and compilation of HYDRA incurs.

  • In case you want the ssh module, you need to have libssh on your system. You may obtain it from http://www.libssh.org (pay attention that you need to get libssh , not libssh2).
  • Add  "-DWITH_SSH1=On" option in the cmake command line for ssh v1 support.
  • For Ubuntu/Debian users, to install supplementary libraries :

apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \

libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \

firebird2.1-dev libncp-dev

All optional modules and features with the exception of Oracle, SAP R/3 and the apple filing protocol are enabled.

  • Linux derivatives and BSD based systems may use the software installer to look for the similar named libraries in the command written above.
  • In all other cases, you will have to manually compile all libraries’ sources after downloading..

Download