How to crack things like FTP/SSH/POP3 etc. Well, here is a quick way to
do this for all you Windows users out there, provided you have a decent
sized password dictionary. I personally use one of about 3.16GB in
size, but for this tutorial I'm only going to use a small password
list, just so you get the feel of it. First step, download hydra either
from it's homepage
([url="http://freeworld.thc.org/thc-hydra%29,as"]http://freeworld.thc.org/thc-hydra),as[/url]
that's what this tutorial is written for. Download the zip file,
extract it, and make sure you see the files below
If
you do, that's good. Go to Start > Run > cmd to open the command
prompt. Then change to your hydra folder using the “cd” command. For
example my hydra folder was on the desktop, so I did this
Now
that you've done this, it's time to execute Hydra for the first time!
Sorry Windows fans, but there is only a GUI for Hydra for Linux
systems, you you're gonna have to do it the old fashioned way. Never
thought you'd see that happen did ya? Just type “hydra.exe” without quotes, and watch the result
Next, we will do a quick scan to think of some IP's to attack. I would advise Nmap. You can download it fromhttp://nmap.org
– make sure to download the windows installer. Install it. Find out
your IP address, so that you know a possible IP range. In the command
prompt sessions, type “ipconfig” and watch the results
In
my case, the range is at least 10.1.1.1-4, but I'll go from 1 to 10
just to be safe. Fire up Nmap and do a ping scan “nmap -sP 10.1.1.1-10”
to see what hosts are alive, and wait for the results
Pick
a host to port scan – I picked 10.1.1.1 because it is a router, and for
most people the password is generally pretty simple, if not default.
Port scan it using something like “nmap -sS -sV -P 0 -T5 -O 10.1.1.1”
and see if it's running any services (click on the “Ports/Hosts” tab at
the end for a simpler view of the services running and their ports)
As
I've indicated by circling, I'll be attacking the Telnet port because I
know that it works, because I know you guys think Telnet is the be-all
and end-all of hacking, and because the Windows version of THC-Hydra
isn't compiled with LIBSSH support (unless you did it yourself), and as
such I can't attack SSH – otherwise I'd be doing that instead. It's so
much better. Head back to your command session, and review the output
from Hydra before; it tells you the services it can crack. After
looking through it, and realising that Telnet definitely is there, we
can now proceed to attack it with the command “hydra -l admin -P
passlist.txt 10.1.1.1 telnet” as is demonstrated here
An
explanation of the command: -l admin was used because I assumed that
the router would have the login of “admin”. You can use username lists
as well if you wish. -P passlist.txt specified a password dictionary
named “passlist.txt” - make sure to have the -P include the capital P,
otherwise you'll be specifying a password to try. 10.1.1.1 is the
routers IP address, and telnet is the protocol we want to attack. Now
obviously we could tell it to attack that protocol on a different port,
but we won't bother with that right now unless anyone else wants to see
how. My dictionary only included 4 words for the purpose of this
tutorial. You can see the cracked password circled at the end (which by
the way, isn't my password for the router, for those of you who know
how to get my IP and wanna try and break in ). And that's how to do a basic hydra service crack on Windows
Technorati Tags: 
