Hydra tutorial

Ok, so some of you have been asking how to crack things like FTP/SSH/POP3 etc. Well, here is a quick way to do this for all you Windows users out there, provided you have a decent sized password dictionary. I personally use one of about 3.16GB in size, but for this tutorial I’m only going to use a small password list, just so you get the feel of it. First step, download hydra either from its homepage (http://freeworld.thc.org/thc-hydra),

Make sure if you download it from its actual homepage that you choose the Windows version, as that’s what this tutorial is written for. Download the zip file, extract it, and make sure you see the files below:

If you do, that’s good. Go to Start > Run > cmd to open the command prompt. Then change to your hydra folder using the “cd” command. For example, my hydra folder was on the desktop, so I did this:

Now that you’ve done this, it’s time to execute Hydra for the first time! Sorry Windows fans, but there is only a GUI for Hydra on Linux systems, so you’re gonna have to do it the old fashioned way. Never thought you’d see that happen, did ya? 😛 Just type “hydra.exe” without quotes, and watch the result:

Next, we will do a quick scan to find some IPs to attack. I would advise Nmap. You can download it from http://nmap.org – make sure to download the Windows installer. Install it. Find out your IP address, so that you know a possible IP range. In the command prompt session, type “ipconfig” and watch the results:

In my case, the range is at least 10.1.1.1-4, but I’ll go from 1 to 10 just to be safe. Fire up Nmap and do a ping scan “nmap -sP 10.1.1.1-10” to see what hosts are alive, and wait for the results:

Pick a host to port scan – I picked 10.1.1.1 because it is a router, and for most people the password is generally pretty simple, if not default. Port scan it using something like “nmap -sS -sV -P 0 -T5 -O 10.1.1.1” and see if it’s running any services (click on the “Ports/Hosts” tab at the end for a simpler view of the services running and their ports):

As I’ve indicated by circling, I’ll be attacking the Telnet port because I know that it works, because I know you guys think Telnet is the be-all and end-all of hacking, and because the Windows version of THC-Hydra isn’t compiled with LIBSSH support (unless you did it yourself), and as such I can’t attack SSH – otherwise I’d be doing that instead. It’s so much better. Head back to your command session, and review the earlier output from Hydra; it tells you the services it can crack. After looking through it, and realising that Telnet definitely is there, we can now proceed to attack it with the command “hydra -l admin -P passlist.txt 10.1.1.1 telnet” as is demonstrated here:

An explanation of the command: -l admin was used because I assumed that the router would have the login of “admin”. You can use username lists as well if you wish. -P passlist.txt specifies a password dictionary named “passlist.txt” – make sure the -P has a capital P, otherwise you’ll be specifying a single password to try. 10.1.1.1 is the router’s IP address, and telnet is the protocol we want to attack. Now obviously we could tell it to attack that protocol on a different port, but we won’t bother with that right now unless anyone else wants to see how. My dictionary only included 4 words for the purpose of this tutorial. You can see the cracked password circled at the end (which, by the way, isn’t my password for the router, for those of you who know how to get my IP and wanna try and break in :P). And that’s how to do a basic hydra service crack on Windows.

Port scanning

For this tutorial I’m using Nmap or Zenmap.

First, download Nmap from here:
http://nmap.org/
Install it and then come back for the rest of the tutorial.
Zenmap is the graphical version of Nmap.
When you start/launch/whatever you call it Nmap, you should see a screen like this one here:
[Image: nmap1fx3.jpg]
You will quickly get used to this interface, it’s really user friendly:

(1) IMPORTANT: This is the most important part of the interface. Here you will type the IP of the target, or a web page address; for you geeks out there, it works with both IPv4 and IPv6.

(2) This is the type of scan you want to make. Unless you are hacking something really hardcore like government or big company shit, leave it as intensive, no one will notice. This also defines the speed and the aggression it will use when it checks whether a port is open or closed or whether the host is running a specific OS.

(3) This is where you’ll see the command that will run in the scanning process. Leave it be; if you really want to change it, use the wizard and create your own scan type so you can use it later.

(4) Well, here you’ll see all the information you get displayed. We’ll see that in just a second.

So let’s go ahead and enter what we know. I’ll be scanning a pretty crappy Japanese page that I found 20 minutes ago when I woke up. I don’t know what it is about because I don’t read Japanese; I only know it had its CGI-BIN wide open and without protection, so I checked all their stuff… It’s still default security, so it’s not really a challenge 🙂


(5) As you see, I’ve entered the URL for that Japanese site.

(6&7) These will remain the same, though you should know that you can change them if you want to.

(8) With all set, let’s go ahead and click on SCAN.

(9) You’ll see the “Scanning…” text under the host.

(10) You should see an introductory text like this, and some seconds later the scan per se will begin.

Now the scan is running, so just sit back and let some time pass.

[Image: nmap3ow6.jpg]

Luckily for us, this site has many ports wide open, so you can see perfectly how the scan shows them AT FIRST. (11)

Now, since this could take a while, especially if you are running it slowly to pass undetected, every couple of minutes you’ll see a percentage of the scan completed, just to let you know Nmap is still running. (12)

[Image: nmap4cd8.jpg]

(13) BINGO! The ports that are open or filtered, their protocol (typically TCP), their main function and even the version of the software they are running, so you can search for your exploiting pleasure!

(14) And THIS is what I love about Nmap: it tells you the OS of the host! We’ll see this in depth just now…

[Image: nmap5dh1.jpg]

Now, let’s see, oh yes, the OS! Look at this! It’s wonderful! The perfect tool for a hacker, to know your enemy! And knowledge is power!

(15) A nice image of the OS, in this case a relative of Linux.

(16) A graphic representing the average difficulty of hacking into this, in this case a bomb; on safer systems you’ll see a security box, and on the easiest of them a piece of cake (literally!).

(17) A brief report of the scan.

(18) The EXACT version of the operating system (if found) and the accuracy of the guess (if found).

[Image: nmap6ke1.jpg]

Now, for you exploiters out there, click on the Services (19) tab.

(20) Look for the port you want to exploit (sendmail here).

(21) BINGO again! All the info on the software running on that port, including the version it’s using (2010 here).
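The defender’s view of both tutorials above, as an added example that is not part of the original page: a small Python detector that flags the dictionary attack the Hydra section demonstrates (a burst of failed logins to one account, and a success right after it) and the port sweep the Nmap section shows (many distinct ports from one source in a short time), run over constructed log lines. The log format, field names, thresholds and time window are assumptions, not any product’s real format.

```python
import re
from collections import defaultdict, deque

# Constructed sample records (not from the page): auth results and firewall
# connection records, one per line, in a simple "epoch kind key=value ..." form.
SAMPLE_LOG = """\
1700000000 auth src=10.1.1.7 dst=10.1.1.1 svc=telnet user=admin result=fail
1700000001 auth src=10.1.1.7 dst=10.1.1.1 svc=telnet user=admin result=fail
1700000002 auth src=10.1.1.7 dst=10.1.1.1 svc=telnet user=admin result=fail
1700000003 auth src=10.1.1.7 dst=10.1.1.1 svc=telnet user=admin result=success
1700000200 auth src=10.1.1.9 dst=10.1.1.1 svc=ssh user=admin result=fail
1700000300 conn src=10.1.1.8 dst=10.1.1.1 dport=21
1700000300 conn src=10.1.1.8 dst=10.1.1.1 dport=22
1700000301 conn src=10.1.1.8 dst=10.1.1.1 dport=23
1700000301 conn src=10.1.1.8 dst=10.1.1.1 dport=80
1700000302 conn src=10.1.1.8 dst=10.1.1.1 dport=443
"""
FIELD = re.compile(r"(\w+)=(\S+)")

def parse(line):
    ts, kind, rest = line.split(" ", 2)
    return int(ts), kind, dict(FIELD.findall(rest))

def detect(lines, window=60, fail_limit=3, port_limit=5):
    """Return [(epoch, alert_type, src, detail)]; input must be in time order.
    A scan paced slowly enough to exceed `window` needs a larger window to be caught."""
    fails = defaultdict(deque)   # (src, dst, user) -> timestamps of failed logins
    ports = defaultdict(dict)    # (src, dst) -> {dport: last seen epoch}
    alerts = []
    for line in lines:
        ts, kind, f = parse(line)
        if kind == "auth":
            q = fails[(f["src"], f["dst"], f["user"])]
            while q and ts - q[0] > window:     # drop failures outside the window
                q.popleft()
            if f["result"] == "fail":
                q.append(ts)
                if len(q) == fail_limit:        # alert once, when the threshold is crossed
                    alerts.append((ts, "bruteforce", f["src"], f"{len(q)} failures for {f['user']}@{f['dst']} {f['svc']}"))
            elif q:                             # success right after a burst: password likely guessed
                alerts.append((ts, "bruteforce-success", f["src"], f"{f['user']}@{f['dst']} after {len(q)} failures"))
                q.clear()
        elif kind == "conn":
            seen = ports[(f["src"], f["dst"])]
            seen[f["dport"]] = ts
            for p in [p for p, t in seen.items() if ts - t > window]:
                del seen[p]                     # forget ports not touched within the window
            if len(seen) == port_limit:         # many distinct ports from one source: port sweep
                alerts.append((ts, "portscan", f["src"], f"{len(seen)} distinct ports on {f['dst']}"))
    return alerts
```

Run `detect(SAMPLE_LOG.splitlines())` to see the three alerts the sample produces; a single failed SSH login from 10.1.1.9 stays below the threshold and is not reported.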


What is hacking?

My equation of hacking is

knowledge + art + curiosity = hacking

knowledge: about computers, web, programming languages.

art: making new techniques to get into, or beat, your victim.

curiosity: wanting to know about all the things, being curious to learn new things, and never giving up while solving a problem.

Hacking is not something you can learn in a short time.

What is hacking?

While there are many definitions of hacking, a general definition is to modify something to make it work for you. For computers, hacking includes fixing programs until they work. Also, hacking includes modifying the computer hardware to make it work better or tuned to the person’s wishes. The type of hacking that the media discusses includes breaking into secure systems to determine their weaknesses and to explore them. However, the media only points out the malicious uses for breaking into systems.

Black Hats, White Hats, Crackers and Phreakers

What do these terms have in common? They’re all terms used by hackers to describe hackers. Just like in typical cowboy fashion, the “white hats” are the good guys and the “black hats” are the bad guys, although the lines are blurred greatly when it comes to hacking. The “white hats” are security experts who try to find the vulnerabilities in programs and systems, and report them to the manufacturers. They would be considered “ethical hackers” because they either have authorization to break into the system or program, or they do so with the intent of assisting the manufacturer in securing them. The “black hats” are the ones who are trying to find those same vulnerabilities and exploit them. “Cracker” is another term for the black hat hackers, usually referring to the creation of software cracks to bypass anti-piracy methods. A “phreaker” is a person who hacks into telecommunications services.