Ethical Hacking Week 6: Hydra and Dict Attacks

Once enumeration is done, the ethical hacker can move on to trying to obtain the admins' credentials. There are many ways to get a password: dictionary attacks, phishing, SQL injection, eavesdropping, malware and plenty more. Today we will focus on a dictionary attack using Hydra.

A dictionary attack is a form of brute-force attack for getting through an authentication mechanism by trying thousands or millions of likely username and password combinations. These combinations have most likely been extracted from previous data breaches, so they have some legitimacy to them. The only reason this method works, though, is that people use short or weak passwords. Nowadays your browser and your phone provide features to generate safe passwords and store them to make sure

CEWL – a Ruby app which spiders a given URL to a specified depth, optionally following external links, and returns a list of words which can then be used with password crackers such as John the Ripper, Hydra, etc. Basically, you can make your own personalized dictionaries from a given target's website.

Hydra – a parallelized network login cracker included in various operating systems like Kali Linux, Parrot and other major penetration testing environments. Hydra works by using different approaches to perform brute-force attacks in order to find the right username and password combination.

Implementation – Once you have generated a list of passwords with CEWL or whatever source you choose, you can start using Hydra. It is important to note that a username also needs to be provided. It is usually much easier to get than the password, as it is visible to outsiders most of the time and can also be the email associated with the account. These can all be found by the enumeration steps we covered previously.

hydra example.com -L emails.txt -P passwords.txt http-post-form "/login.php:email=^USER^&password=^PASS^:Invalid password"

example.com is the web domain that you have to provide to Hydra. Next is the -L flag, which takes the file containing the list of emails or usernames as its parameter. The -P flag takes the file containing the list of passwords. http-post-form specifies how the usernames and passwords will be submitted, in this case via the POST method. Next comes the route the POST request is sent to, in this case /login.php, followed by the form fields email and password. The ^USER^ and ^PASS^ placeholders in those fields are filled with entries from emails.txt and passwords.txt respectively. Lastly, Invalid password is the message the site returns for an incorrect combination, which Hydra uses to recognise a failed attempt.

If done correctly, Hydra will perform a dictionary attack and attempt to log in with all the combinations possible in the dictionaries.
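From the defender's side, a run like this shows up as a burst of failed logins from one source, often across several accounts. The sketch below is an added example, not part of the original post: it flags sources that exceed a failure threshold inside a sliding window. The log format, IP addresses, window and threshold are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # assumed look-back window
MAX_FAILS = 5                   # assumed failures tolerated per source in WINDOW

# Constructed sample events: "<ISO time> <source IP> <email> <OK|FAIL>"
SAMPLE = [f"2024-05-01T10:00:{s:02d} 203.0.113.7 {u}@example.com FAIL"
          for s, u in enumerate(["admin"] * 4 + ["bob"] * 4)]       # fast burst
SAMPLE += [f"2024-05-01T10:{m:02d}:00 192.0.2.50 dave@example.com FAIL"
           for m in range(0, 12, 2)]                                # slow retries
SAMPLE += ["2024-05-01T10:00:03 198.51.100.20 carol@example.com FAIL",
           "2024-05-01T10:00:09 198.51.100.20 carol@example.com OK"]  # one typo

def parse(line):
    ts, ip, email, outcome = line.split()
    return datetime.fromisoformat(ts), ip, email, outcome

def detect(lines, window=WINDOW, max_fails=MAX_FAILS):
    """Return {ip: (peak failures in window, peak distinct emails)} for noisy sources."""
    recent = defaultdict(deque)  # ip -> failures still inside the window
    flagged = {}
    for ts, ip, email, outcome in sorted(parse(l) for l in lines if l.strip()):
        if outcome != "FAIL":
            continue
        q = recent[ip]
        q.append((ts, email))
        while ts - q[0][0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) > max_fails:
            fails, emails = flagged.get(ip, (0, 0))
            distinct = len({e for _, e in q})
            flagged[ip] = (max(fails, len(q)), max(emails, distinct))
    return flagged

if __name__ == "__main__":
    for ip, (fails, emails) in detect(SAMPLE).items():
        print(f"{ip}: {fails} failed logins across {emails} accounts within {WINDOW}")
```

The slow source in the sample stays under the per-window limit, which is why this kind of rule is usually paired with account lockout or rate limiting on the login route itself.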
