hydra: add page #3468
hydra: add page #3468
Conversation
|
|
|
The build for this PR has failed with the following error(s): Please fix the error(s) and push again. |
|
Hey, thanks for the new page @Jab2870! The descriptions are a bit verbose. Perhaps we could shorten them a bit in places? I also noticed that the parts of the command that can be changed aren't wrapped in the token syntax |
|
The build for this PR has failed with the following error(s): Please fix the error(s) and push again. |
|
Thankt @sbrl for the quick feedback. I have made some changes, hopefully this is more in line with what you are looking for. |
pages/common/hydra.md
Outdated
|
|
||
| `hydra -L {{Username List}} -P {{Password List}} -M {{Target list}} ssh` | ||
|
|
||
| - Run hydra against an online login post form: |
There was a problem hiding this comment.
I think this is a bit complicated to be in a tldr page. Let us remove this.
There was a problem hiding this comment.
@agnivade which part of this do you deam too complicated? is it the fact that there are 3 tokens?
I agree that it might be quite complicted but I do use it regularly. This (or a variation on it) is probably the second or third most common hydra command I use
There was a problem hiding this comment.
@agnivade , I think I might have misunderstood you. Are you refering to the Login Post form or the ssh login with a Target list?
If you were refering to the SSH login, my previous comment is still the case. If you are refering to the Login Post Form then this is the most common hydra command I use. I agree that it is complicated and I have to look it up every time I try and use it.
There was a problem hiding this comment.
I was referring to the Login Post form. Note that the tldr project is more of an explainer than a cheatsheet -- in other words, the underlying mission is not to merely provide copy-pastable snippets (like, say, commandlinefu.com) but rather to allow readers to understand the language of the commands, so that the logic behind the options is evident and they can then derive new commands from the provided examples, or compose several simple examples into more complex ones that are useful to them. This is basically the same purpose of man pages, but executed in a more readable way (so we believe), .i.e. through a series of examples.
There was a problem hiding this comment.
Fair enough. How would feel if i changed it to this:
- Run against an online login form:
`hydra -L {{username_list}} -P {{password_list}} {{ip_address}} http-post-form {{http_service_options}}`
- Show options for a service:
`hydra -U {{service}}`
There was a problem hiding this comment.
Can you give an example of http_service_options ? And same for service
There was a problem hiding this comment.
Sure:An example of http_service_options is what I had before: /{{path_to_login_request}}:{{useaname_parameter}}=^USER^&{{password_parameter}}=^PASS^&{{other_parameters}}:{{string_in_failed_responce}}"
An example of service might be http-post-form or ssh
There was a problem hiding this comment.
Right, so it leads to the same amount of complexity. It's just hidden. When somebody sees "http_service_options", they will go - well, what does that mean ? And then the whole point of having a tldr page is lost.
We can do the next command. Please use a concrete value like {{ssh}} instead of {{service}}.
| > Password brute forcing tool. | ||
| > More information: <https://github.com/vanhauser-thc/thc-hydra/>. | ||
|
|
||
| - Run hydra against an ftp server: |
There was a problem hiding this comment.
| - Run hydra against an ftp server: | |
| - Run hydra against an FTP server: |
|
|
||
| `hydra -l {{username}} -P {{password_list}} ftp://{{ip_address}}` | ||
|
|
||
| - Run hydra against an imap server with plain authentication: |
There was a problem hiding this comment.
| - Run hydra against an imap server with plain authentication: | |
| - Run hydra against an IMAP server with plain authentication: |
|
|
||
| `hydra -C {{credentials_file}} -6 pop3s://[{{ip_v6_address}}]:{{port}}/TLS:DIGEST-MD5` | ||
|
|
||
| - Run against all ftp servers in an ip range, testing a specific username and password: |
There was a problem hiding this comment.
| - Run against all ftp servers in an ip range, testing a specific username and password: | |
| - Run against all FTP servers in an IP range, testing a specific username and password: |
|
|
||
| `hydra -L {{username_list}} -p {{password}} imap://{{ip_address}}/PLAIN` | ||
|
|
||
| - Run hydra against a pop3s server. The credentials file should be a list in the form `user:password`: |
There was a problem hiding this comment.
| - Run hydra against a pop3s server. The credentials file should be a list in the form `user:password`: | |
| - Run hydra against a POP3s server. The credentials file should be a list in the form `user:password`: |
|
|
||
| `hydra -l {{username}} -p {{password}} ftp://[{{ip_address}}/{{subnet}}]/` | ||
|
|
||
| - Run against ssh on all a list of targets with every combination usernames and passwords: |
There was a problem hiding this comment.
| - Run against ssh on all a list of targets with every combination usernames and passwords: | |
| - Run against SSH on all a list of targets with every combination usernames and passwords: |
|
Took at look at the |
|
Hi all! This thread has not had any recent activity. Are there any updates? Thanks! |
|
ping @Jab2870 |
|
Hi everyone. This thread is being closed as there was no response to the previous prompt. However, please leave a comment whenever you're ready to resume, so the thread can be reopened. Thanks again! |
|
Beware, bot is on the killing spree! |
|
I think it runs only every x amount of time @zdroid - and it has only just detected a number of PRs that meet the threshold :P |
|
It does, that's true. Someone should issue death warnings before the bot's day comes, though. :P |
|
It does send a reminder message @zdroid: #3468 (comment) |
common/,linux/, etc.)