Kali ini saya akan membahas tools cracking password login yang cukup populer. Yup Hydra. Project "simple" dari THC ( The Hacker Choice ) ini memang cukup handal mengingat di versi terbarunya , 8.2 , semakin banyak protokol yang bisa di crack oleh hydra, dan tools ini diklaim lebih cepat dari ncrack maupun medusa.
xhydra logo
Nah berikut protokol yang bisa di crack oleh Hydra :
Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC dan juga XMPP.
Nah berikut changelog di versi 8.2 :
Development moved to a public github repository: https://github.com/vanhauser-thc/thc-hydra
Added RTSP module, thanks to jjavi89 for supplying!
Added patch for ssh that fixes hyra stopping to connect, thanks to ShantonRU for the patch
Added new -O option to hydra to support SSL servers that do not suport TLS
Added xhydra gtk patche by Petar Kaleychev to support modules that do not use usernames
Added patch to redis for initial service checking by Petar Kaleychev - thanks a lot!
Added support in hydra-http for http-post (content length 0)
Fixed important bug in http-*://server/url command line processing
Added SSL SNI support
Fixed bug in HTTP Form redirection following - thanks for everyone who reported and especially to Hayden Young for setting up a test page for debugging
Better library finding in ./configure for SVN + support for Darwin Homebrew (and further enhanced)
Fixed http-form module crash that only occurs on *BSD/OSX systems. Thanks to zdk for reporting!
Fixed for SSL connection to support TLSv1.2 etc.
Support for different RSA keylengths, thanks to fann95 for the patch
Fixed a bug where the cisco-enable module was not working with the password-only logon mode
Fixed an out of memory bug in http-form
Fixed imap PLAIN method
Fixed -x option to bail if it would generate too many passwords (more than 4 billion)
Added warning if HYDRA_PROXY_CONNECT environment is detected, that is an outdated setting
Added --fhs switch to configure (for Linux distribution usage)
Perhatikan tabel dibawah :
Hydra mengungguli Medusa maupun Ncrack termasuk support di 51 protokol, jauh lebih banyak di antara rival nya. Dan untuk perbandingan kecepatannya :
Berikut screenshoot dari Hydra GTK
Dan fungsi dari hydra sendiri sangat banyak, termasuk cracking password ftp.
Nah sekian artikel kali ini, semoga bermanfaat. Selamat menunaikan ibadah puasa.
