I have recently came to know about hydra and i am playing with it using brute force. The number of login attempts are almost 10 attempts / second, I am trying with my password, so if my password strength is 8 characters (just a-z,A-Z,0-9) it will take days. How can i optimize the login attempts or increase the number of attempts / sec. I have ci7 hp laptop.
Increase hydra brute force login attempts
brute force
Related Solutions
About your question:
- When using hydra, it's not required to put
http://
before the host that you're going to attack. - To specify the port, please use the
-s
flag. - You need to specify the
-l
flag otherwise an error will show up. - In the POST request you have to specify the file that is going to receive the POST request (e.g. index.php, password.php, validate.php, etc.)
- And last, but not least, you have to specify the Success case or the Fail case.
Try the following command, it is the best I can do with the information provided:
hydra -l '' -P pass.txt 192.168.0.24 -s 1234 http-post-form "/index.php:pass=^PASS^:F=Invalid Password!" -t 10 -o hydra-http-post-attack.txt
I tried it myself and it does not generate any kind of error.
Good luck!
Here's a small Python program which does what you seem to be describing.
#!/usr/bin/env python3
from hashlib import sha1
with open('binaryfile', 'rb') as bin:
binary = bin.read()
base = 0x0078
# ... is not valid Python; add more sequences, or take it out (or see below)
for seq in [[0xCA, 0xC5, 0xC5, 0x8A], [0xCB, 0xC5, 0xC5, 0x8A], ...]:
copy = binary[0:base]
copy += bytes(seq)
copy += binary[base+len(seq):]
if sha1(copy).hexdigest() == '9968733ce3ff0893bbb0a19e75faaf2fb0000e19':
print('success with bytes {0}'.format(seq))
break
else:
print('no success')
UnOnly briefly tested; please ping me if you find typos.
The base
specifies where to try to apply the four bytes, and the long string '996873
... is the hex representation of the expected SHA1. The line for seq in
... defines the bytes to try; and of course replace 'binaryfile'
with the path to the file you want to attempt to salvage.
You can replace the literal list [[0xCA, 0xC5,
...]]
with something to actually loop over all possible values but it's basically just a placeholder for something more useful because I'm not really sure what exactly you want there.
Something like for seq in itertools.product(range(256), repeat=4)):
will loop over all possible values from 0 to 232-1. (You will need to add import itertools
near the top then.) Or perhaps you could simply add an offset; update the script to replace the current for seq in
with the following (where again the import
needs to go before the main program);
import struct
for n in range(2**32):
val=(n+0x8AC5C5CA) % 2**32 # notice reverse order
seq=list(reversed(struct.pack(">I", val)))
copy = ...
I reversed the order of the bytes so that it naturally increments from 0x8AC5C5CA to 0x8AC5C5CB but then the next increment will be 0x8AC5C5CC etc. The struct
magic is to convert this to a sequence of bytes (had to look it up from https://stackoverflow.com/a/26920983/874188). This will start at 0x8AC5C5CA and go to 0xFFFFFFFF, then wrap around to 0x00000000 and climb back up to 0x8AC5C5C9.
If you have multiple candidate ranges you would like to examine in a particular order, maybe something like
for rge in [(0x8AC5C5CA, 0x8AFFFFFF), (0x00C6C58A, 0x00FFFFFF),
(0x00000000, 0x00C6C589), (0x01000000, 0x8AC5C5C9)]:
for val in range(*rge):
seq=list(reversed(struct.pack(">I", val)))
copy = ...
but then you'll need to make sure yourself that the (start, end) pairs in rge
cover all of the space between 0x00000000 and 0xFFFFFFFF if you really want to examine all of it. (And again, notice that the range increments the last byte and that seq
applies the bytes of the value in reverse, in accordance with your stated requirements.)
If you wanted to use two different base
addresses, you quickly run up against the limits of what's feasible to do in your lifetime with brute force; but you could, for example, split the 4-byte number into two 2-byte parts and apply those at different offsets.
base1 = 0x1234
base2 = 0x2345
for seq in range(whatever):
copy = binary[0:base1]
copy += bytes(seq[0:1])
copy += binary[base1+2:base1+base2]
copy += bytes(seq[2:3])
copy += binary[base2+2:]
Best Answer
(AFAIK) There is not an explicit "tries per second" config option in HYDRA, normally you can define the number of tasks that will be involved in the attack. I have checked the default option and it is 16 (in the command line utility), so I believe that the service you are trying to test against might have a big latency or some kind of delay before answering wrong attempts. Anyway you could try to tune it by increasing the number of tasks with the option "-t".
The latter is not an uncommon solution so you can expect that, also, you should consider that many services will temporary blacklist your IP if you try to log-in more than "n" times (being "n" an small number of tries like 5 or 10).
Here you have an Hydra manual for both command line and GUI utility.