THC-Hydra
A very fast network logon cracker which support many different services.
Have a look at the feature sets and services coverage page - including a speed comparison against ncrack and medusa!
Current Version: 6.5 (plus diff)
One time only: Mac OS/X compiled package of v6.5+diff
Last update 2011-08-01
[0x00] News and Changelog
INFORMATION FOR VERSION 6.5:
As the next version will be v7.0 which will get a rewrite of the main function,
it will take some months for the next release.
For important issues there will be diff patches provided here for 6.5
PATCH: The following diff patches two issues in the http-form module: PATCH
Check out the feature sets and services coverage page - including a speed comparison against ncrack and medusa (yes, we win :-) )
It was tested to work on Linux, Windows/Cygwin, Solaris 11, FreeBSD 8.1 and OSX.
No more windows .exe cygwin port. Too many clueless people hassled me why hydra.exe
does not work for them when they double-click on it ... duh
CHANGELOG for 6.5
=================
* Added dpl4hydra script by Roland Kessler, which creates a default
password for a device. Thanks!
* Greatly improved HTTP form module: getting cookie, fail or succes condition, follow
multiple redirections, support cookie gathering URL, intelligent
cookie learning, multiple user defined headers, etc. works with OWA now :-)
* Added interface support for IPv6, needed for connecting to link local fe80::
addresses. Works only on Linux and OS/X. Information for Solaris and *BSD welcome
* Added -W waittime between connects option
* The -x bruteforce mode now allows for generated password amounts > 2 billion
* Fix if -L was used together with -x
* Fixes when using the service://target/options format
* Fixed a bug in the restore file write function that could lead to a crash
* Fixed XMPP module jabber init request and challenge response check, thx "F e L o R e T"
* Fix: if a proxy was used, unresolveable targets were disabled. now its fine
You can also take a look at the full CHANGES file
[0x01] Introduction
Welcome to the mini website of the THC Hydra project.
Number one of the biggest security holes are passwords, as every password security study shows.
Hydra is a parallized login cracker which supports numerous protocols to attack. New modules
are easy to add, beside that, it is flexible and very fast.
Version 6.x was tested to compile on Linux, Windows/Cygwin, Solaris 11, FreeBSD 8.1 and OSX.
Hydra is made available under GPLv3 with a special OpenSSL license expansion.
Currently this tool supports:
afp cisco cisco-aaa cisco-enable cvs firebird ftp[s] http[s]-{head|get} http[s]-{get|post}-form
http-proxy icq irc imap ldap2 ldap3[-{cram|digest}md5] mssql mysql ncp nntp oracle
oracle-listener oracle-sid pcnfs pop3 pcanywhere postgres rexec rlogin rsh sapr3 sip
smb smtp smtp-enum snmp socks5 ssh svn teamspeak telnet vnc vmauthd xmpp
AFP, Subversion/SVN, Firebird, LDAP2, Cisco AAA (incorporated in telnet module).
For HTTP, POP3, IMAP and SMTP, several login mechanisms like plain and MD5 digest etc. are supported.
This tool is a proof of concept code, to give researchers and security consultants the
possiblity to show how easy it would be to gain unauthorized access from remote to a system.
The tools is maintained by van Hauser and David Maciejak.
[0x02] Disclaimer
1. This tool is for legal purposes only!
2. The GPLv3 applies to this code.
3. A special license expansion for OpenSSL is included which is required for the debian people
[0x03] Documentation
Hydra comes with a rather long README file that describes the
details about the usage and special options.
[0x04] Development & Contributions
Your contributions are more than welcomed!
If you find bugs, coded enhancements or wrote a new attack module for a service,
please send them to vh (at) thc (dot) org and add the word "antispam"
in the subject line.
Interesting attack modules would be:
RDP, PPTP, ...
(or anything else you might be able to do (and is not there yet))
[0x05] Screenshots
(1) Target selection
(2) Login/Password setup
(3) Hydra start and output
[0x06] The Art of Downloading: Source and Binaries
1. The source code of state-of-the-art Hydra: hydra-6.5-src.tar.gz + diff
(compiles on all UNIX based platforms - even MacOS X, Cygwin on Windows, ARM-Linux, etc.)
2. The source code of the stable tree of Hydra in case v6 gives you problems on unusual platforms:
hydra-5.9.1-src.tar.gz
3. Mac OS/X binary package (Intel 32 bit, compiled on snow leopard)
This package will not be maintained or updated! One time only!
Mac OS/X compiled package of v6.5+diff
4. The Win32/Cywin binary release: --- not anymore ---
Install cygwin from http://www.cygwin.com
and compile it yourself. If you do not have cygwin installed - how
do you think you will do proper securiy testing? duh ...
5. ARM and Palm binaries here are old and not longer maintained:
ARM: hydra-5.0-arm.tar.gz
Palm: hydra-4.6-palm.zip
A very fast network logon cracker which support many different services.
Have a look at the feature sets and services coverage page - including a speed comparison against ncrack and medusa!
Current Version: 6.5 (plus diff)
One time only: Mac OS/X compiled package of v6.5+diff
Last update 2011-08-01
[0x00] News and Changelog
INFORMATION FOR VERSION 6.5:
As the next version will be v7.0 which will get a rewrite of the main function,
it will take some months for the next release.
For important issues there will be diff patches provided here for 6.5
PATCH: The following diff patches two issues in the http-form module: PATCH
Check out the feature sets and services coverage page - including a speed comparison against ncrack and medusa (yes, we win :-) )
It was tested to work on Linux, Windows/Cygwin, Solaris 11, FreeBSD 8.1 and OSX.
No more windows .exe cygwin port. Too many clueless people hassled me why hydra.exe
does not work for them when they double-click on it ... duh
CHANGELOG for 6.5
=================
* Added dpl4hydra script by Roland Kessler, which creates a default
password for a device. Thanks!
* Greatly improved HTTP form module: getting cookie, fail or succes condition, follow
multiple redirections, support cookie gathering URL, intelligent
cookie learning, multiple user defined headers, etc. works with OWA now :-)
* Added interface support for IPv6, needed for connecting to link local fe80::
addresses. Works only on Linux and OS/X. Information for Solaris and *BSD welcome
* Added -W waittime between connects option
* The -x bruteforce mode now allows for generated password amounts > 2 billion
* Fix if -L was used together with -x
* Fixes when using the service://target/options format
* Fixed a bug in the restore file write function that could lead to a crash
* Fixed XMPP module jabber init request and challenge response check, thx "F e L o R e T"
* Fix: if a proxy was used, unresolveable targets were disabled. now its fine
You can also take a look at the full CHANGES file
[0x01] Introduction
Welcome to the mini website of the THC Hydra project.
Number one of the biggest security holes are passwords, as every password security study shows.
Hydra is a parallized login cracker which supports numerous protocols to attack. New modules
are easy to add, beside that, it is flexible and very fast.
Version 6.x was tested to compile on Linux, Windows/Cygwin, Solaris 11, FreeBSD 8.1 and OSX.
Hydra is made available under GPLv3 with a special OpenSSL license expansion.
Currently this tool supports:
afp cisco cisco-aaa cisco-enable cvs firebird ftp[s] http[s]-{head|get} http[s]-{get|post}-form
http-proxy icq irc imap ldap2 ldap3[-{cram|digest}md5] mssql mysql ncp nntp oracle
oracle-listener oracle-sid pcnfs pop3 pcanywhere postgres rexec rlogin rsh sapr3 sip
smb smtp smtp-enum snmp socks5 ssh svn teamspeak telnet vnc vmauthd xmpp
AFP, Subversion/SVN, Firebird, LDAP2, Cisco AAA (incorporated in telnet module).
For HTTP, POP3, IMAP and SMTP, several login mechanisms like plain and MD5 digest etc. are supported.
This tool is a proof of concept code, to give researchers and security consultants the
possiblity to show how easy it would be to gain unauthorized access from remote to a system.
The tools is maintained by van Hauser and David Maciejak.
[0x02] Disclaimer
1. This tool is for legal purposes only!
2. The GPLv3 applies to this code.
3. A special license expansion for OpenSSL is included which is required for the debian people
[0x03] Documentation
Hydra comes with a rather long README file that describes the
details about the usage and special options.
[0x04] Development & Contributions
Your contributions are more than welcomed!
If you find bugs, coded enhancements or wrote a new attack module for a service,
please send them to vh (at) thc (dot) org and add the word "antispam"
in the subject line.
Interesting attack modules would be:
RDP, PPTP, ...
(or anything else you might be able to do (and is not there yet))
[0x05] Screenshots
(1) Target selection
(2) Login/Password setup
(3) Hydra start and output
[0x06] The Art of Downloading: Source and Binaries
1. The source code of state-of-the-art Hydra: hydra-6.5-src.tar.gz + diff
(compiles on all UNIX based platforms - even MacOS X, Cygwin on Windows, ARM-Linux, etc.)
2. The source code of the stable tree of Hydra in case v6 gives you problems on unusual platforms:
hydra-5.9.1-src.tar.gz
3. Mac OS/X binary package (Intel 32 bit, compiled on snow leopard)
This package will not be maintained or updated! One time only!
Mac OS/X compiled package of v6.5+diff
4. The Win32/Cywin binary release: --- not anymore ---
Install cygwin from http://www.cygwin.com
and compile it yourself. If you do not have cygwin installed - how
do you think you will do proper securiy testing? duh ...
5. ARM and Palm binaries here are old and not longer maintained:
ARM: hydra-5.0-arm.tar.gz
Palm: hydra-4.6-palm.zip
Are you in need of a hacker in any area of your life??? then you can contact; services like; -hack into your cheating partner's phone(whatsapp,bbm.gmail,icloud,facebook, twitter,snap chat and others) -Sales of Blank ATM cards. -hack into email accounts and trace email location -all social media accounts, -school database to clear or change grades, -Retrieval of lost file/documents -DUIs -company records and systems, -Bank accounts,Paypal accounts -Credit cards hacker -Credit score hack -Monitor any phone and email address -Websites hacking, pentesting. -IP addresses and people tracking. -Hacking courses and classes CONTACT THEM= hackintechnology@cyberservices.com or whatsapp +12132951376 their services are the best on the market and 100% security and discreet work is guaranteed
ReplyDelete