New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
hydra: add page #3468
hydra: add page #3468
Conversation
The build for this PR has failed with the following error(s):
Please fix the error(s) and push again. |
Hey, thanks for the new page @Jab2870! The descriptions are a bit verbose. Perhaps we could shorten them a bit in places? I also noticed that the parts of the command that can be changed aren't wrapped in the token syntax |
The build for this PR has failed with the following error(s):
Please fix the error(s) and push again. |
Thankt @sbrl for the quick feedback. I have made some changes, hopefully this is more in line with what you are looking for. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please change all tokens to use snake_case. You also have a typo at "Useaname".
pages/common/hydra.md
Outdated
|
||
`hydra -L {{Username List}} -P {{Password List}} -M {{Target list}} ssh` | ||
|
||
- Run hydra against an online login post form: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this is a bit complicated to be in a tldr page. Let us remove this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@agnivade which part of this do you deam too complicated? is it the fact that there are 3 tokens?
I agree that it might be quite complicted but I do use it regularly. This (or a variation on it) is probably the second or third most common hydra command I use
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@agnivade , I think I might have misunderstood you. Are you refering to the Login Post form or the ssh login with a Target list?
If you were refering to the SSH login, my previous comment is still the case. If you are refering to the Login Post Form then this is the most common hydra command I use. I agree that it is complicated and I have to look it up every time I try and use it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was referring to the Login Post form. Note that the tldr project is more of an explainer than a cheatsheet -- in other words, the underlying mission is not to merely provide copy-pastable snippets (like, say, commandlinefu.com) but rather to allow readers to understand the language of the commands, so that the logic behind the options is evident and they can then derive new commands from the provided examples, or compose several simple examples into more complex ones that are useful to them. This is basically the same purpose of man pages, but executed in a more readable way (so we believe), .i.e. through a series of examples.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fair enough. How would feel if i changed it to this:
- Run against an online login form:
`hydra -L {{username_list}} -P {{password_list}} {{ip_address}} http-post-form {{http_service_options}}`
- Show options for a service:
`hydra -U {{service}}`
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you give an example of http_service_options
? And same for service
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure:An example of http_service_options
is what I had before: /{{path_to_login_request}}:{{useaname_parameter}}=^USER^&{{password_parameter}}=^PASS^&{{other_parameters}}:{{string_in_failed_responce}}"
An example of service
might be http-post-form
or ssh
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Right, so it leads to the same amount of complexity. It's just hidden. When somebody sees "http_service_options", they will go - well, what does that mean ? And then the whole point of having a tldr page is lost.
We can do the next command. Please use a concrete value like {{ssh}} instead of {{service}}.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks ok to me.
The last example is rather long and verbose, but I can't see any way of shortening it - and it seems to be a valuable example to keep in the page here. I think it's a bit like the whiptail
command I did a while back
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi,
Just a few minor comments about casing on protocol names.
> Password brute forcing tool. | ||
> More information: <https://github.com/vanhauser-thc/thc-hydra/>. | ||
|
||
- Run hydra against an ftp server: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- Run hydra against an ftp server: | |
- Run hydra against an FTP server: |
|
||
`hydra -l {{username}} -P {{password_list}} ftp://{{ip_address}}` | ||
|
||
- Run hydra against an imap server with plain authentication: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- Run hydra against an imap server with plain authentication: | |
- Run hydra against an IMAP server with plain authentication: |
|
||
`hydra -C {{credentials_file}} -6 pop3s://[{{ip_v6_address}}]:{{port}}/TLS:DIGEST-MD5` | ||
|
||
- Run against all ftp servers in an ip range, testing a specific username and password: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- Run against all ftp servers in an ip range, testing a specific username and password: | |
- Run against all FTP servers in an IP range, testing a specific username and password: |
|
||
`hydra -L {{username_list}} -p {{password}} imap://{{ip_address}}/PLAIN` | ||
|
||
- Run hydra against a pop3s server. The credentials file should be a list in the form `user:password`: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- Run hydra against a pop3s server. The credentials file should be a list in the form `user:password`: | |
- Run hydra against a POP3s server. The credentials file should be a list in the form `user:password`: |
|
||
`hydra -l {{username}} -p {{password}} ftp://[{{ip_address}}/{{subnet}}]/` | ||
|
||
- Run against ssh on all a list of targets with every combination usernames and passwords: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- Run against ssh on all a list of targets with every combination usernames and passwords: | |
- Run against SSH on all a list of targets with every combination usernames and passwords: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Whops. Didn't meant to approve.
Took at look at the |
Hi all! This thread has not had any recent activity. Are there any updates? Thanks! |
ping @Jab2870 |
Hi everyone. This thread is being closed as there was no response to the previous prompt. However, please leave a comment whenever you're ready to resume, so the thread can be reopened. Thanks again! |
Beware, bot is on the killing spree! |
I think it runs only every x amount of time @zdroid - and it has only just detected a number of PRs that meet the threshold :P |
It does, that's true. Someone should issue death warnings before the bot's day comes, though. :P |
It does send a reminder message @zdroid: #3468 (comment) |
common/
,linux/
, etc.)