Welcome to Linux教程網

Linux login brute-force tool -- hydra

Date: 2017/2/28 16:30:55   Editor: Linux教程

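There isn't much to say about this one: it is a brute-force cracking tool, aimed mainly at Linux. Knowing a valid username helps; if you really don't know one, that's fine too, just brute-force root directly and get there in one step.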

Let's look at the output of hydra -h first, then go through it piece by piece.

Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e ns]
[-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-f] [-s PORT] [-S] [-vV]
server service [OPT]

Options:
-R restore a previous aborted/crashed session
Restore an interrupted session
-S connect via SSL
Connect via SSL
-s PORT if the service is on a different default port, define it here
If it is not the default port, specify the port
-l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE
-l is the username to crack; -L is a file containing the usernames to crack
-p PASS or -P FILE try password PASS, or load several passwords from FILE
Load a password dictionary
-e ns additional checks, "n" for null password, "s" try login as pass
Try an empty password, or a password identical to the username
-C FILE colon seperated "login:pass" format, instead of -L/-P options
Specify a file of login:pass entries, replacing the -L/-P options
-M FILE server list for parallel attacks, one entry per line
Specify a file of target addresses, one address per line
-o FILE write found login/password pairs to FILE instead of stdout
Write the passwords found to a file
-f exit after the first found login/password pair (per host if -M)
Exit once a password has been found
-t TASKS run TASKS number of connects in parallel (default: 16)
Specify the number of threads; the default is 16
-w TIME defines the max wait time in seconds for responses (default: 30)
Maximum wait time for a response: 30s
-v / -V verbose mode / show login+pass combination for each attempt
Verbose mode
server the target server (use either this OR the -M option)
Target IP address
service the service to crack. Supported protocols: telnet ftp pop3[-ntlm] imap[-ntlm] smb smbnt http[s]-{head|get} http-{get|post}-form http-proxy cisco cisco-enable vnc ldap2 ldap3 mssql mysql Oracle-listener postgres nntp socks5 rexec rlogin pcnfs snmp rsh cvs svn icq sapr3 ssh2 smtp-auth[-ntlm] pcanywhere teamspeak sip vmauthd firebird ncp
The supported services
OPT some service modules need special input (see README!)

Use HYDRA_PROXY_HTTP/HYDRA_PROXY_CONNECT and HYDRA_PROXY_AUTH env for a proxy.
Hydra is a tool to guess/crack valid login/password pairs - use allowed only
for legal purposes! If used commercially, tool name, version and web address
must be mentioned in the report. Find the newest version at http://www.thc.org

That is roughly all there is to it. Now for a practical run.
hydra -l root -P /home/Linux/passwd.dic -e ns -f -vV target_ip ssh2

When [STATUS] attack finished for target_ip (waiting for childs to finish) appears, the crack has succeeded.
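
The same run seen from the target's side, as an added example that is not part of the original page: a run like the one above, with parallel tasks against root, leaves a burst of failed sshd logins from one source, and a success right after the burst means a password was guessed. The OpenSSH syslog line format, the 5-failures-in-60-seconds threshold, the names `detect` and `SAMPLE_LOG`, and the sample lines are all assumptions or constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd syslog lines; host and addresses are made up (documentation ranges).
SAMPLE_LOG = """\
Feb 28 16:29:40 web1 sshd[4090]: Failed password for alice from 198.51.100.20 port 50211 ssh2
Feb 28 16:29:52 web1 sshd[4090]: Accepted password for alice from 198.51.100.20 port 50211 ssh2
Feb 28 16:30:01 web1 sshd[4101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Feb 28 16:30:01 web1 sshd[4102]: Failed password for root from 203.0.113.7 port 40114 ssh2
Feb 28 16:30:02 web1 sshd[4103]: Failed password for root from 203.0.113.7 port 40116 ssh2
Feb 28 16:30:02 web1 sshd[4104]: Failed password for root from 203.0.113.7 port 40118 ssh2
Feb 28 16:30:04 web1 sshd[4106]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Feb 28 16:30:05 web1 sshd[4107]: Accepted password for root from 203.0.113.7 port 40124 ssh2
"""

EVENT = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: (Failed|Accepted) "
                   r"password for (?:invalid user )?(\S+) from (\S+) port \d+")

def detect(log_text, threshold=5, window_s=60, year=2017):
    """Flag source IPs with >= threshold failed logins inside window_s seconds."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    users = defaultdict(set)      # ip -> every account name it failed against
    findings = {}                 # ip -> {"users": set, "login_after_burst": str|None}
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue
        stamp, result, user, ip = m.groups()
        # syslog timestamps omit the year, so the caller supplies it
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if result == "Failed":
            users[ip].add(user)
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:
                q.popleft()
            if len(q) >= threshold:
                findings.setdefault(ip, {"users": users[ip], "login_after_burst": None})
        elif ip in findings:
            # Success from a source that just produced a burst: treat as an incident
            findings[ip]["login_after_burst"] = user
    return findings

if __name__ == "__main__":
    for ip, f in detect(SAMPLE_LOG).items():
        print(ip, sorted(f["users"]), "success as:", f["login_after_burst"])
```

A single mistyped password followed by a normal login (alice in the sample) stays below the threshold and is not reported.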
