Monday, August 27, 2012

Hydra THC web form dictionary attack

Hello,

In this tutorial I will show you how to use THC Hydra to perform a dictionary attack against a web form, for example a username/password login form.

THC Hydra is a powerful program that ships with BackTrack OS. With Hydra you can perform a dictionary attack against HTTP forms, SMB, routers and more.

#Step 1) To start the attack you have to find a good wordlist. A wordlist is a txt/lst file with many complex words inside. (A good wordlist contains numbers, characters and letters.) You can download a wordlist from the web or you can make your own wordlist (recommended). So download crunch (a wordlist creator) from here, install it, go to the installation folder (crunch-3.3) and run the following command:

cd crunch-3.3/

and then run:

./crunch 1 5 0123456789 > /root/Desktop/wordlist.txt

#Step 2) Once the wordlist is ready, you have to run THC Hydra and execute the attack.
Open hydra (Backtrack > Privilege Escalation > Password Attack > Online Attacks > hydra)

#Step 3) Now go to the login page of the target site > right click > View page source, to view the source code of the form.
You will see something like this (but of course different and not exactly like the following):

<form name="input" action="kwd.php" method="post">
Username:
<input type="text" name="user">
Password:
<input type="password" name="pass">
</form>

 
Write the action page, the method, the name of the username field and the name of the password field into a txt file to remember them.
Before we finish, we have to try a login with a random username and password to get the error message. (Don't forget to write the error message in the txt file.)
In this case the error message for a wrong login is ACCESS DENIED.


Now it's time to perform the attack. Once we know the name of the username field, the name of the password field, the action page and the method, we are ready!

Now go to the hydra window (have a look at Step 2 again) and type the following command:

hydra www.site.com  http-form-post "/directory:user=^USER^&pass=^PASS^:ERROR MESSAGE" -L /root/Desktop/wordlist.txt -P /root/Desktop/wordlist.txt -t 10 -w 30 -o /root/Desktop/attack.txt




You have to replace "www.site.com" with the target's site, /directory with the path of the login page (e.g. index/Login.php), user with the name of the username field (Step 3), pass with the name of the password field (Step 3), and ERROR MESSAGE with the error message that the target gives you. In this case that is "ACCESS DENIED"; another site might show e.g. "Wrong username or Password".
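As an added example (not part of the original tutorial), this is what the run above looks like in the web server's access log and how to flag it: the code counts POSTs to the form's action page per client address in a sliding window. The combined log format, the 200 status on failed logins, the addresses, the threshold and the window are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOGIN_PATH = "/kwd.php"        # action page of the example form above
WINDOW = timedelta(seconds=60)
THRESHOLD = 20                 # assumed limit: login POSTs per address per window

# Apache/nginx "combined" log line: address, timestamp, request line
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*"'
)

def parse(line):
    """Return (ip, time, method, path without query string), or None if unparseable."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"].split("?", 1)[0]

def find_guessing(lines, path=LOGIN_PATH, window=WINDOW, threshold=THRESHOLD):
    """Map each address to its peak count of POSTs to `path` in any window,
    keeping only addresses at or above `threshold`. Lines must be in time order."""
    recent, peak = defaultdict(deque), defaultdict(int)
    for rec in map(parse, lines):
        if rec is None or rec[2] != "POST" or rec[3] != path:
            continue
        ip, ts = rec[0], rec[1]
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:   # drop requests older than the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}

def sample_log():
    """Constructed log lines (documentation addresses), not captured traffic."""
    fmt = '{ip} - - [27/Aug/2012:10:{m:02d}:{s:02d} +0000] "{req} HTTP/1.1" 200 512'
    lines = [fmt.format(ip="198.51.100.20", m=0, s=5, req="GET /index.html")]
    # one address sends 40 login POSTs in 4 seconds, all answered with 200
    lines += [fmt.format(ip="203.0.113.7", m=1, s=i // 10, req="POST /kwd.php")
              for i in range(40)]
    # a normal user mistypes once, then logs in a minute later
    lines += [fmt.format(ip="198.51.100.20", m=m, s=0, req="POST /kwd.php")
              for m in (2, 3)]
    return lines

if __name__ == "__main__":
    for ip, n in find_guessing(sample_log()).items():
        print(f"{ip}: {n} login POSTs within {WINDOW.seconds}s")
```

The same per-address count can drive a lockout or throttle on the login handler itself, which is the control that makes a 1-to-5-digit wordlist impractical to try online.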

Thank you!

Nikos Danopoulos

11 comments:

  1. Well done Nikos. Very nice and useful tutorial

  2. Hello sir. I downloaded crunch-3.4, but when I use the command "./crunch 1 5 0123456789 > /root/Desktop/wordlist.txt" it gives me the error "./crunch is not a file or directory". Please help me....

    1. Hello, thank you for your comment.

      The error means that your Linux machine cannot find any file/directory named "crunch".
      So, to solve the problem you have to browse to your crunch folder. The folder may be placed at "Downloads". So type "cd Downloads/" and then look for the "crunch-3.4" folder. Open it and then execute your commands. WARNING! Don't forget to extract your data! If the manual way is difficult, try to use "ark".

      Also, if your crunch folder is not placed at Downloads, try to use the "locate crunch-3.4" command. The output will be something similar to the following:

      horizon@mylinux ~ $ locate crunch-3.4
      /home/d4n0/Documents/crunch-3.4

      That means that your folder is in the "Documents" folder. Repeat the steps above to run your tool.

      Thank you.

  3. Hey!
    Anyone can easily understand the thoughts. Also I like the conclusions made on this topic which is really very informative.

    Vachel
    PHP Developer Chicago
    cmscentral.net

  4. I keep getting "Error: Unknown service"

    What do you think the problem is?

    attempted url Ccheating

    1. Can you give me the command you entered? I also remind you that this tutorial is for educational purposes only. I hope www.cheatingnetwork.net belongs to you ;)

  5. This comment has been removed by the author.

  6. HI THERE, THIS WAS AN EXCELLENT TUTORIAL, BUT I'M HAVING A PROBLEM FINDING THE USERNAME AND PASSWORD NAME IN THE PAGE SOURCE. THE WEBSITE IS: WWW.ANIMALJAM.COM. IF YOU COULD FIND THEM FOR ME THAT WOULD BE GREAT, THANKS :)
