Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Brute Force Session Problem #103

Closed
hefese opened this issue Mar 18, 2016 · 3 comments
Closed

Brute Force Session Problem #103

hefese opened this issue Mar 18, 2016 · 3 comments

Comments

@hefese
Copy link

hefese commented Mar 18, 2016

Hi,

In Hydra v8.1, I realized that when I try to do brute force attack and the password is found, hydra goes to standby mode, then notifies me with [STATUS] bars and created session file messages, hydra.restore - although I don't stop the brute forcing - as follows :

[............A lot of ATTEMPT...........]
[ATTEMPT] target 192.168.2.201 - login "hydraTest" - pass "790" - 791 of 1000 [child 7]
[ATTEMPT] target 192.168.2.201 - login "hydraTest" - pass "791" - 792 of 1000 [child 3]
[ATTEMPT] target 192.168.2.201 - login "hydraTest" - pass "792" - 793 of 1000 [child 14]
[ATTEMPT] target 192.168.2.201 - login "hydraTest" - pass "793" - 794 of 1000 [child 9]
[80][http-post-form] host: 192.168.2.201 login: hydraTest password:777
[80][http-post-form] host: 192.168.2.201 login: hydraTest password:778
[STATUS] 794.00 tries/min, 794 tries in 00:01h, 206 todo in 00:01h, 16 active
[STATUS] 397.00 tries/min, 794 tries in 00:01h, 206 todo in 00:01h, 16 active
[STATUS] 264.00 tries/min, 794 tries in 00:01h, 206 todo in 00:01h, 16 active
The session file ./hydra.restore was written. Type "hydra -R" to resume session.
The session file ./hydra.restore was written. Type "hydra -R" to resume session.
[STATUS] 198.50 tries/min, 794 tries in 00:01h, 206 todo in 00:02h, 16 active
The session file ./hydra.restore was written. Type "hydra -R" to resume session.
[STATUS] 158.80 tries/min, 794 tries in 00:01h, 206 todo in 00:01h, 16 active
[STATUS] 132.33 tries/min, 794 tries in 00:01h, 206 todo in 00:01h, 16 active

When I stop this weird situtation with CTRL+C and try to enter the following command into my console from which right directory,

hydra -R

a problem generates as follows:

Hydra v8.1 (c) 2014 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.

Hydra (http://www.thc.org/thc-hydra) starting at 2016-03-17 23:08:35
[DATA] max 16 tasks per 1 server, overall 64 tasks, 1000 login tries (l:1/p:1000), ~0 tries per task
[DATA] attacking service http-post-form on port 80
*** Error in `*** Error in `hydra': double free or corruption (out): 0x000055da7f707ed0 ***
hydra': double free or corruption (out): 0x000055da7f707ed0 ***
*** Error in `hydra': double free or corruption (out): 0x000055da7f707ed0 ***
*** Error in `hydra': double free or corruption (out): 0x000055da7f707ed0 ***
*** Error in `hydra': double free or corruption (out): 0x000055da7f707ed0 ***
*** Error in `*** Error in `hydra': double free or corruption (out): 0x000055da7f707ed0 ***
hydra': double free or corruption (out): 0x000055da7f707ed0 ***
*** Error in `hydra': double free or corruption (out): 0x000055da7f707ed0 ***
*** Error in `hydra': double free or corruption (out): 0x000055da7f707ed0 ***
*** Error in `hydra': double free or corruption (out): 0x000055da7f707ed0 ***
*** Error in `hydra': double free or corruption (out): 0x000055da7f707ed0*** Error in ` ***
hydra': double free or corruption (out): 0x000055da7f707ed0 ***
*** Error in `hydra': double free or corruption (out): 0x000055da7f707ed0 ***
*** Error in `*** Error in `*** Error in `*** Error in `hydra': double free or corruption (out): 0x000055da7f707ed0 ***
hydra': double free or corruption (out): 0x000055da7f707ed0 ***
hydra': double free or corruption (out): 0x000055da7f707ed0 ***
hydra': double free or corruption (out): 0x000055da7f707ed0 ***
Segmentation fault

Do you have any idea what the problem is about?

Note: There are two hydraTest users in my database. Don't confuse it. I just test the last version of Hydra to learn whether it can go further even if it found a password. I wonder it, because, I need to do a brute force attack which can find multiple password, not single password.
@hefese
Copy link
Author

hefese commented Mar 18, 2016

After the first "hydra -R" attempt, when I enter "hydra -R" again, the following error outpus:

Hydra v8.1 (c) 2014 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.

Hydra (http://www.thc.org/thc-hydra) starting at 2016-03-17 23:08:35
Error: invalid restore file (end)

@vanhauser-thc
Copy link
Owner

I disabled in hydra that you can create useless large lists (memory issue, restore issues, plus the attack would take > 1 year to complete)

your -R issue is a known bug: #27

thanks for reporting though

@hedi2ht
Copy link

hedi2ht commented Aug 15, 2018

i have a restorefile how to resume

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@vanhauser-thc @hefese @hedi2ht