This is a tutorial that has been bugging me for a while and I’ve decided to post this tutorial, just to see how well it goes. This isn’t a series, but a one shot. If there’s enough interest I will maybe start a mini series.
Passwords
Passwords are arguably the most common method of authentication. We could of course go after the system itself, but in my experience it is easier to break into one specific password-protected account on a server than to compromise the whole system. There are many ways to crack passwords; the ones discussed here are dictionary attacks, brute force, and people (social engineering, phishing, plain carelessness, or all of the above).
All but the last can be attempted with a tool called THC-Hydra (Hydra).
Hydra
Hydra is an online password cracking tool: it sends login attempts to a live network service rather than cracking captured hashes offline. It is built primarily for Linux (sorry, Windows users). The tool comes pre-installed on Kali Linux and Parrot, but if for some reason it is missing, simply type:
apt-get install hydra
Once hydra is installed type:
hydra
When you press Enter, the help page appears. For now we are only interested in the -l flag and the -P flag.
The syntax for hydra is as follows:
hydra [options] host service
A simple example is:
hydra -l root -P wordlist.txt 127.0.0.1 smtp
The -l flag gives a single username (-L takes a file of usernames instead). The password flag is either -p, for a single password, or -P, for a file containing the words to try; the path can be absolute or relative to the directory you run hydra from. After the options come the target host's IP address or hostname and the service module to attack (smtp, ssh, ftp and so on). The service is not optional: hydra refuses to run without one, because it needs to know which protocol to speak. Keep in mind that every guess is a real login attempt against the target, so it shows up in the target's logs and can trigger an account lockout. A more realistic example is:
hydra -l root -P /root/Desktop/wordlist.txt 127.0.0.1 smtp
What if we are trying to crack an email account password? This is where things get more interesting. Every mail provider runs an SMTP server for submitting outgoing mail, and that server checks the user's password with SMTP AUTH before it accepts a message; this authentication step is what hydra's smtp module attacks. Gmail's server is smtp.gmail.com. The port the SMTP service listens on varies from one provider to another: smtp.gmail.com accepts TLS-wrapped connections on port 465 and STARTTLS connections on port 587. Hydra has flags for both: -s PORT sets the port and -S tells hydra to connect over SSL/TLS, while the service module is still given as the last argument. An example is:
hydra -l [email protected] -P /root/Desktop/wordlist.txt -s 465 -S smtp.gmail.com smtp
In practice Gmail, like most large providers, throttles and locks accounts after a handful of failed logins and requires an app password or OAuth for SMTP, so treat this as an illustration of the syntax rather than a working attack on Google.
The last Hydra flag I will introduce in this tutorial is -x. Sometimes a user has a long, complicated password that no dictionary contains. The fallback is a brute-force attack, in which every combination of characters from a chosen set, between a shortest and a longest length, is tried in turn. Given enough time it must find the password, but the number of candidates grows exponentially with the length, and against a network service the speed is limited by the target's response time and lockout policy rather than by your CPU, so in practice only short passwords are reachable this way. In hydra the brute-force option is invoked like this:
hydra -l username -x MIN:MAX:CHARSET host service
In the CHARSET part, a stands for lowercase letters, A for uppercase letters and 1 for digits; any other character is used literally. Typing hydra -x -h prints the full description.
An example for Gmail, trying every password of 5 to 8 characters made of uppercase letters and digits, would look something like this:
hydra -l [email protected] -x 5:8:A1 -s 465 -S smtp.gmail.com smtp
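As an added example that is not part of the original post or of Hydra, the following code reimplements the -x MIN:MAX:CHARSET candidate generation so you can see the keyspace it creates and estimate how long the attack above would take. The charset letters follow hydra's own documented meaning (a, A, 1, everything else literal); the attempts-per-second figure used for the estimate is an assumption, chosen to represent a throttled online service rather than a measured rate.

```python
import itertools
import string


def hydra_x_charset(spec: str) -> str:
    """Expand the CHARSET part of hydra's -x MIN:MAX:CHARSET.
    'a' = lowercase letters, 'A' = uppercase letters, '1' = digits,
    any other character stands for itself. Duplicates are dropped."""
    chars = []
    for c in spec:
        if c == "a":
            chars.extend(string.ascii_lowercase)
        elif c == "A":
            chars.extend(string.ascii_uppercase)
        elif c == "1":
            chars.extend(string.digits)
        else:
            chars.append(c)
    return "".join(dict.fromkeys(chars))  # keep first occurrence, preserve order


def parse_x(spec: str):
    """Split '5:8:A1' into (5, 8, 'ABC...Z0123456789')."""
    min_len, max_len, charset = spec.split(":", 2)
    return int(min_len), int(max_len), hydra_x_charset(charset)


def keyspace_size(spec: str) -> int:
    """Number of candidates -x will generate: sum of n**L over the lengths."""
    min_len, max_len, charset = parse_x(spec)
    n = len(charset)
    return sum(n ** length for length in range(min_len, max_len + 1))


def candidates(spec: str):
    """Yield every candidate, shortest length first, counting order within a length."""
    min_len, max_len, charset = parse_x(spec)
    for length in range(min_len, max_len + 1):
        for combo in itertools.product(charset, repeat=length):
            yield "".join(combo)


def years_to_exhaust(spec: str, attempts_per_second: float) -> float:
    """Worst-case time to try the whole keyspace at the given rate."""
    seconds_per_year = 365.25 * 24 * 3600
    return keyspace_size(spec) / attempts_per_second / seconds_per_year


def brute_force(spec: str, check):
    """Run the brute force against a check(candidate) -> bool callable.
    Returns (password or None, number of attempts made)."""
    attempts = 0
    for candidate in candidates(spec):
        attempts += 1
        if check(candidate):
            return candidate, attempts
    return None, attempts


if __name__ == "__main__":
    # A tiny keyspace is cracked immediately (hypothetical target '42').
    print(brute_force("1:3:1", lambda p: p == "42"))
    # The tutorial's 5:8:A1 keyspace, at an assumed 10 guesses/s against a
    # throttled mail server, is out of reach.
    print(keyspace_size("5:8:A1"), round(years_to_exhaust("5:8:A1", 10)))
```

The numbers make the caveat concrete: 5:8:A1 is about 2.9 trillion candidates, and at ten guesses per second the worst case is over nine thousand years, before any lockout is considered. Online brute force with -x is therefore only useful for very short or very constrained passwords (PINs, known formats), and dictionary attacks remain the practical choice.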
These are only some of the capabilities of Hydra.