THC-Hydra 8.1 - Network Logon Cracker

 A very fast network logon cracker which support many different services.

See feature sets and services coverage page - incl. a speed comparison against ncrack and medusa.Number one of the biggest security holes are passwords, as every password security study shows.

This tool is a proof of concept code, to give researchers and security consultants the possiblity to show how easy it would be to gain unauthorized access from remote to a system.

There are already several login hacker tools available, however none does either support more than one protocol to attack or support parallized connects.

It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, FreeBSD/OpenBSD, QNX (Blackberry 10) and OSX.

Currently this tool supports the following protocols:

Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

CHANGELOG for 8.1

        ! Development moved to a public github repository: https://github.com/vanhauser-thc/thc-hydra
        
        * David Maciejak, my co-maintainer moved to a different job and country and can not help with Hydra anymore - sadly! Wish you all the best!
        * Added patch from Ander Juaristi which adds h/H header options for http-form-*, great work, thanks!
        * Found login:password combinations are now printed with the name specified (hostname or IP), not always IP
        * Fixed the -M option, works now with many many targets :-)
        * -M option now supports ports, add a colon in between: "host:port", or, if IPv6, "[ipv6ipaddress]:port"
        * Fixed for cisco-enable if an intial Login/Password is used (thanks to joswr1te for reporting)
        * Added patch by tux-mind for better MySQL compilation and an Android patches and Makefile. Thanks!
        * Added xhydra gtk patches by Petar Kaleychev to support -h, -U, -f, -F, -q and -e r options, thanks!
        * Added patch for teamspeak to better identify server errors and auth failures (thanks to Petar Kaleychev)
        * Fixed a crash in the cisco module (thanks to Anatoly Mamaev for reporting)
        * Small fix for HTTP form module for redirect pages where a S= string match would not work (thanks to mkosmach for reporting)
        * Updated configure to detect subversion packages on current Cygwin
        * Fixed RDP module to support the port option (thanks to and.enshin(at)gmail.com)

Download THC-Hydra 8.1

Read More

Hashcat-Utils - Set of small utilities that are useful in advanced password cracking

Hashcat-utils are a set of small utilities that are useful in advanced password cracking. They all are packed into multiple stand-alone binaries.

All of these utils are designed to execute only one specific function. Since they all work with STDIN and STDOUT you can group them into chains.

The programs are available for Linux and Windows on both 32 bit and 64 bit architectures. The programs are also available as open source.

List of Utilities

• combinator: This program is a stand-alone implementation of the Combinator Attack.
  Each word from file2 is appended to each word from file1 and then printed to STDOUT.
  Since the program is required to rewind the files multiple times it cannot work with STDIN and requires real files.
• cutb: This program (new in hashcat-utils-0.6) is designed to cut up a wordlist (read from STDIN) to be used in Combinator attack. Suppose you notice that passwords in a particular dump tend to have a common padding length at the beginning or end of the plaintext, this program will cut the specific prefix or suffix length off the existing words in a list and pass it to STDOUT.
• expander: This program has no parameters to configure. Each word going into STDIN is parsed and split into all its single chars, mutated and reconstructed and then sent to STDOUT.
  
  
  There are a couple of reconstructions generating all possible patterns of the input word by applying the following iterations:
  
  
  
  All possible lengths of the patterns within a maximum of 7 (defined in LEN_MAX macro, which you can increase in the source).
  All possible offsets of the word.
  Shifting the word to the right until a full cycle.
  Shifting the word to the left until a full cycle.
• gate: Each wordlist going into STDIN is parsed and split into equal sections and then passed to STDOUT based on the amount you specify. The reason for splitting is to distribute the workload that gets generated.The two important parameters are “mod” and “offset”.
  The mod value is the number of times you want to split your dictionary.
  The offset value is which section of the split is getting that feed.
• hcstatgen: Tool used to generate .hcstat files for use with the statsprocessor.
• len: Each word going into STDIN is parsed for its length and passed to STDOUT if it matches a specified word-length range.
• morph: Basically morph generates insertion rules for the most frequent chains of characters from the dictionary that you provide and that, per position.

Dictionary = Wordlist used for frequency analysis.

Depth = Determines what “top” chains that you want. For example 10 would give you the top 10 (in fact, it seems to start with value 0 so that 10 would give the top 11).Width = Max length of the chain. With 3 for example, you will get up to 3 rules per line for the most frequent 3 letter chains.pos_min = Minimum position where the insertion rule will be generated. For example 5 would mean that it will make rule to insert the string only from position 5 and up.pos_max = Maximum position where the insertion rule will be generated. For example 10 would mean that it will make rule to insert the string so that it’s end finishes at a maximum of position 10.

• permute: This program is a stand-alone implementation of the Permutation Attack. It has no parameters to configure. Each word going into STDIN is parsed and run through “The Countdown QuickPerm Algorithm” by Phillip Paul Fuchs.
• prepare: This program is made as an dictionary optimizer for the Permutation Attack. Due to the nature of the permutation algorithm itself, the input words “BCA” and “CAB” would produce exactly the same password candidates.
• req: Each word going into STDIN is parsed and passed to STDOUT if it matches an specified password group criteria. Sometimes you know that some password must include a lower-case char, a upper-case char and a digit to pass a specific password policy. That means checking passwords that do not match this policy will definitely not result in a cracked password. So we should skip it. This program is not very complex and it can not fully match all the common password policy criteria, but it does provide a little help.
• rli: compares a single file against another file(s) and removes all duplicates. rli can be very useful to clean your dicts and to have one unique set of dictionaries.
• rli2: Unlike rli, rli2 is not limited. But it requires infile and removefile to be sorted and uniqued before, otherwise it won’t work as it should.
• splitlen: This program is designed to be a dictionary optimizer for oclHashcat. oclHashcat has a very specific way of loading dictionaries, unlike hashcat or oclHashcat. The best way to organize your dictionaries for use with oclHashcat is to sort each word in your dictionary by its length into specific files, into a specific directory, and then to run oclHashcat in directory mode.

Download Hashcat-Utils

Read More

[Ncrack] High-Speed Network Authentication Cracker

Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients. Ncrack was designed using a modular approach, a command-line syntax similar to Nmap and a dynamic engine that can adapt its behaviour based on network feedback. It allows for rapid, yet reliable large-scale auditing of multiple hosts.

Ncrack's features include a very flexible interface granting the user full control of network operations, allowing for very sophisticated bruteforcing attacks, timing templates for ease of use, runtime interaction similar to Nmap's and many more. Protocols supported include RDP, SSH, http(s), SMB, pop3(s), VNC, FTP, and telnet.

Ncrack was started as a "Google Summer of Code" Project in 2009. While it is already useful for some purposes, it is still unfinished, alpha quality software. It is released as a standalone tool and can be downloaded from the section below. Be sure to read the Ncrack man page to fully understand Ncrack usage. If you are a developer and want to write your own Ncrack modules, studying the Ncrack Developer's Guide would be the first step.

Download Ncrack

Read More

[THC-Hydra v7.6] Fast Parallel Network Logon Cracker

 Hydra is a parallelized network logon cracker which supports numerous protocols to attack, new modules are easy to add, beside that, it is flexible and very fast.

Features

• IPv6 Support
• Graphic User Interface
• Internationalized support (RFC 4013)
• HTTP proxy support
• SOCKS proxy support

The tool supports the following protocols:

Samba, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more.

Release 7.6
* Added a wizard script for hydra based on a script by Shivang Desai <shivang.ice.2010@gmail.com>
* Added module for Siemens S7-300 (submitted by Alexander Timorin and Sergey Gordeychik, thanks!)
* HTTP HEAD/GET: MD5 digest auth was not working, fixed (thanks to Paul Kenyon)
* SMTP Enum: HELO is now always sent, better 500 error detection
* hydra main:
   - fixed a bug in the IPv6 address parsing when a port was supplied
   - added info message for pop3, imap and smtp protocol usage
* hydra GTK: missed some services, added
* dpl4hydra.sh:
   - added Siemens S7-300 common passwords to default password list
   - more broad searching in the list
* Performed code indention on all C files :-)
* Makefile patch to ensure .../etc directory is there (thanks to vonnyfly)

Download THC-Hydra v7.6

Read More

[Router Password Kracker] Router Password Recovery Software

Router Password Kracker is a free software to recover the lost password of your Router. It can also be used to recover password from your internet Modem or Web sites which are protected by HTTP BASIC Authentication.

Generally Routers or Modems control their access by using HTTP BASIC authentication mechanism. In simple words, when you connect to your Modem/Router from the browser (typically http://192.168.1.1) you will be asked to enter username & password. If you ever forget this password then you will not be able to access your Router/Modem configuration. Even some websites use this BASIC Authentication to allow only certain users to access their site. 

In these cases 'Router Password Kracker' can help you in quickly recovering your lost password. Also Penetration Testers and Forensic Investigators can find this tool very useful in cracking the Router/Modem/Website password.

Download Router Password Kracker

Read More

[THC-Hydra 7.5] Fast Parallel Network Logon Cracker

Hydra is a parallelized network logon cracker which supports numerous protocols to attack, new modules are easy to add, beside that, it is flexible and very fast.

Features

• IPv6 Support
• Graphic User Interface
• Internationalized support (RFC 4013)
• HTTP proxy support
• SOCKS proxy support

The tool supports the following protocols

Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

Changelog for 7.5

• Added module for Asterisk Call Manager
• Added support for Android where some functions are not available
• hydra main:
• – reduced the screen output if run without -h, full screen with -h
• – fix for ipv6 and port parsing with service://[ipv6address]:port/OPTIONS
• – fixed -o output (thanks to www417)
• – warning if HYDRA_PROXY is defined but the module does not use it
• – fixed an issue with large input files and long entries
• hydra library:
• – SSL connections are now fixed to SSLv3 as some SSL servers fail otherwise, report if this gives you problems
• – removed support for old OPENSSL libraries
• HTTP Form module:
• – login and password values are now encoded if special characters are present
• – ^USER^ and ^PASS^ are now also supported in H= header values
• – if you the colon as a value in your option string, you can now escape it with \: – but do not encode a \ with \\
• Mysql module: protocol 10 is now supported
• SMTP, POP3, IMAP modules: Disabled the TLS in default. TLS must now be defined as an option “TLS” if required. This increases performance.
• Cisco module: fixed a small bug (thanks to Vitaly McLain)
• Postgres module: libraries on Cygwin are buggy at the moment, module is therefore disabled on Cygwin

Download THC-Hydra 7.5

Read More

[THC-Hydra v7.5] Fast network logon cracker

CHANGELOG for 7.5
===================

        * Moved the license from GPLv3 to AGPLv3 (see LICENSE file)
        * Added module for Asterisk Call Manager
        * Added support for Android where some functions are not available
        * hydra main:
           - reduced the screen output if run without -h, full screen with -h
           - fix for ipv6 and port parsing with service://[ipv6address]:port/OPTIONS
           - fixed -o output (thanks to www417)
           - warning if HYDRA_PROXY is defined but the module does not use it
           - fixed an issue with large input files and long entries

        * hydra library:
           - SSL connections are now fixed to SSLv3 as some SSL servers fail otherwise, report if this gives you problems
           - removed support for old OPENSSL libraries
        * HTTP Form module:
           - login and password values are now encoded if special characters are present
           - ^USER^ and ^PASS^ are now also supported in H= header values
           - if you the colon as a value in your option string, you can now escape it with \: - but do not encode a \ with \\
        * Mysql module: protocol 10 is now supported
        * SMTP, POP3, IMAP modules: Disabled the TLS in default. TLS must now be defined as an option "TLS" if required. This increases performance.
        * Cisco module: fixed a small bug (thanks to Vitaly McLain)
        * Postgres module: libraries on Cygwin are buggy at the moment, module is therefore disabled on Cygwin

 You can also take a look at the full CHANGES file

Download THC-Hydra v7.5

1. The source code of state-of-the-art Hydra: hydra-7.5.tar.gz
    (compiles on all UNIX based platforms - even MacOS X, Cygwin on Windows, ARM-Linux, Android, etc.)

 2. The source code of the stable tree of Hydra ONLY in case v7 gives you problems on unusual and old platforms: hydra-5.9.1-src.tar.gz

 3. The Win32/Cywin binary release: --- not anymore ---
    Install cygwin from http://www.cygwin.com  and compile it yourself. If you do not have cygwin installed - how do you think you will do proper securiy testing? duh ...

Read More