any luck using Hydra?

Printable View

February 18th, 2007, 10:07 AM
k_tech

any luck using Hydra?

guys I was giving Hydra a try, because is listed as the top 10 password crackers at insecure.org, behind cain, and john, but so far no luck unlike cain that uses MITM attack, Hydra launches a brute force using dictionary attack, and has a variety of use like choosing desire service, port, target...etc, but so far every time I use it I get a bunch of errors coming back, it does not even launches the attack or stablish connection..........has anybody used it before? and with success
here is the output I get:
================================================

** (xhydra:14224): WARNING **: callbacks.c 529: popen_rw_unbuffered: execv() returned

** (xhydra:14224): WARNING **: /usr/local/bin/hydra

** (xhydra:14224): WARNING **: 10.200.50.1

** (xhydra:14224): WARNING **: ftp

** (xhydra:14224): WARNING **: -l

** (xhydra:14224): WARNING **: administrator

** (xhydra:14224): WARNING **: -P

** (xhydra:14224): WARNING **: /media/hd2/dictionaries/password.txt

** (xhydra:14224): WARNING **: -e

** (xhydra:14224): WARNING **: ns

** (xhydra:14224): WARNING **: -t

** (xhydra:14224): WARNING **: 36

** ERROR **: file callbacks.c: line 544 (popen_re_unbuffered): should not be reached
aborting...
================================================
thanks
February 18th, 2007, 11:23 AM
nihil

Please do not submit a post more than once......... you will only trigger anti-spamming mechanisms ;)

I don't care what your ISP is overcharging you for, like mine, it doesn't always deliver, so please be patient and wait 60 minutes :D

EDIT: You need to give more details about the environment you are attempting to use Hydra in............. we have some very good people here, but none of them can give me the winning lottery numbers;)

And welcome to AO............... I bite, but I don't know about the others............
February 18th, 2007, 11:03 PM
k_tech

is a very simple test environment, basically Im using my nix box and testing hydra against a w2k3 machine, that is patched, I do not know if that is the reason why I keep getting the reject connection, because I've never used it before, I have tried brutus a couple of times, but like any bruteforce remote login password cracker it leaves too many traces behind on the log.........although brutus seems to work better at least establish a connection and launches the attack regardless the service, not the case with hydra
February 19th, 2007, 03:40 AM
gore

Hydra does more than crack passwords. Also, if you're getting connection rejected on a server OS that's patched, I'd say that's kind of normal if it has a firewall going, but if it doesn't, I'm not sure as my use of Windows Server 2003 is limited at best.

Try this though from your shell:

man hydra

The docs aren't that bad and the info on hydra on their website is decent enough to where it isn't terribly boring so just read up on it more.

Another thing you may find useful is IPSorcery and or Hping. They don't crack passwords but you can make your own packets.