THC Hydra
[0x00] News and Changelog Check out the feature sets and services coverage page - including a speed comparison against ncrack and medusa (yes, we win :-) ) Read below for Linux compilation notes. And there is a new section below for online tutorials. CHANGELOG for 7.3 ================= * Hydra main: - Added -F switch to quit all targets if one pair was found (for -M) - Fixed a bug where hydra would terminate after reporting a successful login when an account would accept any password - Fixed a bug with very large wordlists (thanks to sheepdestroyer for reporting!) - Enhanced the module help * configure script: - Added fix Oracle library inclusion, thanks to Brandon Archer! - Added --nostrip option to prevent binary stripping (requested by Fedora maintainer) * Added a Makefile patch by the Debian maintainers to support their SecurityHardeningBuildFlags for the wheezy build as requested * dpl4hydra: added install directory support * All code: message cleanups * SNMP module - originally already supported write and v2 although this was not in the module help output. Added :-) - added SNMPv3 MD5/SHA1 authentication support, though beta still * HTTP module: - fixed HTTP NTLM auth session - implemented errata fix for HTTP digest md5-sess algorithm - set default path to / * HTTP Form module: - set default path to / - support HTTP/1.0 redirects - fix failed condition check when pcre is not used * IMAP module: fixed auth detection * POP3 module: Updated auth and capability detection * Oracle module: fixed bad handling * Oracle listener module: fixed hash size handling * Telnet/Cisco/Cisco-enable modules: support "press ENTER" prompts * FTP module: - Fixed a bug where 530 messages were incorrectly handled - Clarification for the usage of ftps * Mysql module: added patch from Redhat/Fedora that fixes compile problems * Added IDN and PCRE support for Cygwin You can also take a look at the full CHANGES file [0x01] Introduction Welcome to the mini website of the THC Hydra project. Number one of the biggest security holes are passwords, as every password security study shows. Hydra is a parallized login cracker which supports numerous protocols to attack. New modules are easy to add, beside that, it is flexible and very fast. Hydra was tested to compile on Linux, Windows/Cygwin, Solaris 11, FreeBSD 8.1 and OSX, and is made available under GPLv3 with a special OpenSSL license expansion. Currently this tool supports: AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP, SOCKS5, SSH (v1 and v2), Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP. For HTTP, POP3, IMAP and SMTP, several login mechanisms like plain and MD5 digest etc. are supported. This tool is a proof of concept code, to give researchers and security consultants the possiblity to show how easy it would be to gain unauthorized access from remote to a system. The program is maintained by van Hauser and David Maciejak.
The Art of Downloading: Source and Binaries 1. The source code of state-of-the-art Hydra: hydra-7.3.tar.gz (compiles on all UNIX based platforms - even MacOS X, Cygwin on Windows, ARM-Linux, etc.) 2. The source code of the stable tree of Hydra in case v7 gives you problems on unusual and old platforms: hydra-5.9.1-src.tar.gz 3. The Win32/Cywin binary release: --- not anymore --- Install cygwin from http://www.cygwin.com and compile it yourself. If you do not have cygwin installed - how do you think you will do proper securiy testing? duh ... 4. ARM and Palm binaries here are old and not longer maintained: ARM: hydra-5.0-arm.tar.gz Palm: hydra-4.6-palm.zip
0 comments:
Post a Comment