FTP and Telnet Password Cracking Guide With THC Hydra PDF


nightlionsecurity.com http://www.nightlionsecurity.com/blog/guides/2012/08/ftp-and-telnet-password-cracking-guide-with-thc-hydra/#.UnaDTX2VtzA

FTP and Telnet password cracking guide with THC Hydra


Passwords are the only thing protecting secure information on network systems. To access secure information, we must be an authorized member of the system or network. According to many password security studies, passwords are the biggest security hole. If an unauthorized person manages to get the right password, he will be able to access the secure data on the system. Although many security systems try to improve security by various methods, there are some tools which break the security easily. THC Hydra is a tool which shows how easy it is to gain unauthorized access to a network system remotely. This is not the only tool which can crack FTP or Telnet passwords of a remote computer. There are various tools available which can do this job; they also support various protocols and use parallel connections to crack. But THC Hydra is the best and is known for its speed and efficiency. THC Hydra performs a bruteforce attack based on a password dictionary.

Bruteforce Attack:

The bruteforce attack is the most widely used attack for password cracking. This attack tries all possible permutations of passwords until the correct password is found. For example, if the password is 3 characters long and consists of both letters and numbers, a brute force attack will try 2,38,328 different passwords against your password.

For the first character: total lower case letters (26) + total upper case letters (26) + total numbers (10) = 62
For the second character: same = 62
For the third character: same = 62
Total permutations = 62*62*62 = 2,38,328

About THC Hydra:

Before learning about password cracking with this tool, you must know a few things about it. THC Hydra is a fast network logon cracker. It opens multiple parallel connections to the remote system and then starts its attack. It is able to crack passwords of various kinds of services.
If we compare this tool with other available logon password crackers, this tool supports more services and protocols, and it is faster than other tools.

List of protocols THC Hydra supports:

These are the protocols which this tool supports. We can crack passwords of these services with this logon cracker.

AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP, SOCKS5, SSH (v1 and v2), Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

Supported Platforms:

This network logon cracker is available for most platforms. This is the list:

All UNIX platforms (linux, *bsd, solaris, etc.)
Mac OS/X
Windows with Cygwin (both ipv4 and ipv6)
Mobile systems based on Linux or Mac OS/X (e.g. Android, iPhone, Zaurus, iPaq)

Hydra Explained and its usage:

For command line usage, we will use the following command:

    $ hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e ns] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-f] [-s PORT] [-S] [-vV] server service [OPT]

Here each argument has a different meaning. Read the meaning of these command line arguments below:

-R  restore a previous aborted/crashed session
-S  connect via SSL to the target system
-s  if the service is on a different port than the default, define it here. Write -s before the port.
-l or -L  login with LOGIN name, or load several logins from FILE. Be careful about the case of the letter in both arguments: small for a single username and capital for a username list file.
-p or -P  try password PASS, or load several passwords from FILE. The same case rule applies here: to try a single password use small p, but use capital P for a password list.
-e  additional checks: n for null password, s to try the login as the password
-C  colon separated login:pass format, instead of the -L/-P options. This file will have colon separated logins and passwords. This is also a better idea to use.
-M  server list for parallel attacks, one entry per line
-o  write found login/password pairs to FILE instead of stdout
-f  exit after the first found login/password pair (per host if -M). It will not check any other combination which might match when we are using a username list and a password list together.
-t  run TASKS number of connects in parallel (default: 16)
-w  defines the max wait time in seconds for responses (default: 30)
-v / -V  verbose mode / show login+pass combination for each attempt
server  the target server (use either this OR the -M option)
service  the service to crack. Supported protocols: telnet ftp pop3[-ntlm] imap[-ntlm] smb smbnt http[s]-{head|get} http-{get|post}-form http-proxy cisco cisco-enable vnc ldap2 ldap3 mssql mysql oracle-listener postgres nntp socks5 rexec rlogin pcnfs snmp rsh cvs svn icq sapr3 ssh2 smtpauth[-ntlm] pcanywhere teamspeak sip vmauthd firebird ncp afp

How to crack Telnet password with THC Hydra:

First of all, download Hydra from the official website. If you are using the Windows version, you will have to work on the console. There is no GUI for Windows users. I am showing it on Windows. Download the zip file and extract it on the system. Now follow these steps:

Click on Start, type CMD in the search bar (in Windows 7) and open the command prompt. Now change the command prompt location to the hydra folder by using the CD command.
Figure 1: THC Hydra

Now we will execute hydra by typing hydra.exe in the command prompt.

Figure 2: Running Hydra For First Time

Now we need to select the target computer. At this moment we can use Nmap for scanning IPs and open ports. So download Nmap to your system. Windows users should download the Windows version. After downloading Nmap, scan the IP range. Also check for open ports on these IP addresses.

How to Use Nmap?

Use of Nmap is really simple. If you do not know it, I am writing something in short which will help you. Suppose I am in a network which has the IP series 192.168.0.x and I want to break into the telnet of a system in this network. I will use Nmap to find my target system.

First of all, we will scan to check which systems are alive on the network. Use Nmap for a simple ping and get the list of all systems alive on the network. Use this command:

    nmap -sP 192.168.0.1-10

Now see the results of this ping scan. You will get the list of IP addresses of all systems which are alive. These systems can be used as targets, so I will pick one from the list. I have chosen the system with IP address 192.168.0.7.

Now we will check whether the TELNET port is open on the target computer or not. So use this command for a simple port scan:

    nmap -sS -sV -P0 -T5 -O 192.168.0.7

This command will show all running services on the target computer. If the Telnet service is running on the target system, we are ready for the attack; otherwise we will have to select another computer for the attack.

After selecting the target, we will start the attack on it. After knowing that the Telnet port is open, we will use Hydra to attack it. There are two things we need to have before the attack: a username list and a password list. The username list is used in case we do not know the username. The password list will be the list of possible passwords which will be used by hydra for brute forcing.

Case 1: Suppose we know the username.
Let us assume that the username for the target telnet is admin. Now we will use this command to run the attack:

    hydra -l admin -P passlist.txt 192.168.0.7 telnet

Figure 3: attacking on Telnet of target system with username Admin

Here passlist.txt is the list of possible passwords. Hydra will use each password for the selected username and will try to login. If a password from the list is matched, it will stop the scanning and show the username and password combination for the target telnet.

Figure 4: Cracked password for the username admin

If no password from passlist.txt matches the username, it will simply stop the scan. In case you want to save the scan results into a file, you will have to change the command and add the name of the output file as a command line argument:

    hydra -l admin -P passlist.txt -o test.txt 192.168.0.7 telnet

This command will save the result to the output file test.txt.

Case 2: In case you do not know the username, you can use a guess list of usernames along with the password list.

Now we will use this command to run the attack:

    hydra -L username.txt -P passlist.txt 192.168.0.7 telnet

Here username.txt is the guess list of possible usernames for the target admin and passlist.txt is the guess list of possible passwords. To save the result into an output file we will use a similar command to the one I have already written. The only difference is that we will pass the username list here:

    hydra -L username.txt -P passlist.txt -o test.txt 192.168.0.7 telnet

One thing to note: using a username list changes one thing in the command which is not noticeable for all users. When I executed the command for a single username, I used -l admin, but I used -L username.txt when I used a list. See the difference between L and l. When you use a single username, use small l, but use capital L when you use a username list.

If you are on Ubuntu or any other Linux based operating system, this tool will be easier to use. This tool comes with a nice GUI for Linux based operating systems, so you will not need to learn hydra commands for them. The working is similar and the commands are executed in the background of the GUI.

This was a short demonstration of Telnet password cracking with the use of the HYDRA network logon cracker.

How to crack FTP password with THC Hydra:

In the previous section, I wrote about cracking a Telnet password with Hydra. As I already told you, this is a network logon cracker and it supports many network protocols.
So it is used to crack most network logins. Cracking an FTP password is the same as cracking a telnet password. You just need to find the target system with the FTP port open, and then use hydra to crack the password with a password dictionary. If you are not sure about the username, you can use a username dictionary along with the password dictionary. Now we will use this command to run the attack:

    hydra -l admin -P passlist.txt 192.168.0.7 ftp

You can see that the command is similar. I have only replaced telnet with ftp to tell Hydra that it has to attack the ftp port this time. You can change the target system IP accordingly. You can also use a username list as given below:

    hydra -L username.txt -P passlist.txt 192.168.0.7 ftp

All other things are similar, and you can replace ftp with any other supported protocol.

How to protect against Hydra attack:

Protection against this kind of bruteforcing attack is divided into three parts:

1. Always check your logs for suspicious activity. Log files will help you know more about the attacker.
2. Always use a strong password with good length. Use both cases, numbers and special characters.
3. Always allow only a few invalid logins and then block logins from that IP.

Conclusion:

THC Hydra is really a nice and effective network logon cracker. It is the best among all available network logon cracker tools. It uses a dictionary based attack with multiple connections at a time, which makes it faster. So always use a strong password which is hard to crack. Use a strong password with capital and small letters, numbers and special characters; these kinds of passwords are really hard to crack because they increase the number of permutations. You can also set up a server restriction that disallows login after 3 invalid logins. This will block a bruteforce attack.
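
The log check and the limit of 3 invalid logins from the protection advice above, as an added example that is not part of the original guide: it scans login records, lists source IPs that reach the limit inside a time window, and flags any login that later succeeds from such a source. The log format, the 60-second window, the sample records and the function name are assumptions made for this example; adapt the regular expression to your server's real log format.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (an assumption, not from the guide):
#   <ISO timestamp> <ftp|telnet> <OK|FAIL> user=<name> src=<ip>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?:ftp|telnet) (?P<res>OK|FAIL) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)
MAX_FAILURES = 3                # the guide's "3 invalid logins" limit
WINDOW = timedelta(seconds=60)  # assumed look-back window

def analyse(lines, max_failures=MAX_FAILURES, window=WINDOW):
    """Return (to_block, review): sources that reached the failure limit,
    and logins that succeeded from such a source afterwards."""
    recent = defaultdict(deque)  # src ip -> failure times inside window
    to_block, review = {}, []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue             # skip lines in any other format
        ts, src = datetime.fromisoformat(m["ts"]), m["src"]
        if m["res"] == "FAIL":
            q = recent[src]
            q.append(ts)
            while ts - q[0] > window:  # forget failures older than window
                q.popleft()
            if len(q) >= max_failures and src not in to_block:
                to_block[src] = ts     # time the limit was reached
        elif src in to_block:
            review.append((src, m["user"], ts))  # a guess may have worked
    return to_block, review

# Constructed sample: one noisy source, one user who mistyped once.
SAMPLE = """\
2012-08-06T10:15:01 telnet FAIL user=admin src=192.168.0.23
2012-08-06T10:15:02 telnet FAIL user=admin src=192.168.0.23
2012-08-06T10:15:02 ftp FAIL user=alice src=192.168.0.40
2012-08-06T10:15:03 telnet FAIL user=admin src=192.168.0.23
2012-08-06T10:15:09 ftp OK user=alice src=192.168.0.40
2012-08-06T10:15:11 telnet OK user=admin src=192.168.0.23
""".splitlines()

if __name__ == "__main__":
    blocked, review = analyse(SAMPLE)
    print("block:", blocked)
    print("review:", review)
```

A source in the first result is a candidate for an IP block; an entry in the second means the account's password should be changed and its session investigated.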
