Results 1 to 5 of 5

Thread: Hydra on ssh does not work even with the right password in list

  1. 2016-02-17 #1
    Prodigal Sorcerer
    Prodigal Sorcerer is offline Junior Member
    Join Date
    2016-Feb
    Posts
    4

    Hydra on ssh does not work even with the right password in list

    Hi, today I tried hydra in a virtualbox Kali 2 VM. I set up a target (Kali 2 on a Raspi) and started sshd there. Logging in manually worked. Then I created a password list with john the ripper's rules and stripped it a bit with pw-inspect (to pws with at least 8 chars). Now I took one of these passwords and set it for a ssh user on the target machine. Now I tried hydra and strangely it said it didn't find the password. Then I reduced the list to 30 passwords, including the right one. Now it worked.

    I checked with stack overflow and someone told me to install all the dependencies for hydra:
    Code:
    libssl-dev libssh-dev libidn11-dev libpcre3-dev libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev firebird2.1-dev libncp-dev libncurses5-dev
    Many of them were missing, but I could install them, except libncp-dev.

    My questions:
    • Can someone tell me if I am making a mistake here in terms of usage?
    • If the missing package/lib is indeed a problem, how to I get libncp-dev in Kali 2? Any rep I could add?


    Thanks a lot and best regards
  2. 2016-02-18 #2
    megocode3
    megocode3 is offline Junior Member
    Join Date
    2015-Nov
    Posts
    2
    What is the command you're using to launch the hydra attack?
  3. 2016-02-18 #3
    Prodigal Sorcerer
    Prodigal Sorcerer is offline Junior Member
    Join Date
    2016-Feb
    Posts
    4
    I've tried it with a lot of variations, the last one I tried was this one in order to make sure it's not the responsiveness (waiting 60 secs instead of 30):

    hydra -l <user> -P passwords_permutated.txt ssh://192.168.1.9:22 -w 60 -t 4 -v

    Edit:
    It also seems not to work with a http-post-form scan. With Burp Suite I managed to do a dictionary attack on dvwa without problems, but with hydra it is the same again: no password found even though I know the right one is in the password file. This is my hydra call for it:

    hydra -l admin -P passwd.txt -f 192.168.56.102 http-post-form "/dvwa/login.php:username=^USER^&password=^PASS^&Login=Lo gin:Login failed"

    Did I do something wrong or is it the same problem as above, that hydra doesn't work in general for me?
    Last edited by Prodigal Sorcerer; 2016-02-18 at 19:07.
  4. 2016-02-19 #4
    mmusket33
    mmusket33 is offline Senior Member
    Join Date
    2013-Jul
    Posts
    844
    Suggest you avoid Hydra and try and find a copy of Burp Suite Pro as the free version is throttled back and slow. Hydra gives too many false positives.

    MTeams
  5. 2016-03-02 #5
    Prodigal Sorcerer
    Prodigal Sorcerer is offline Junior Member
    Join Date
    2016-Feb
    Posts
    4
    Yeah, I did exactly that and moved on to Patator and ultimately Burp. Hydra just doesn't work properly, at least at the moment.

Similar Threads

  1. Hydra script for password only
    By radek33 in forum How-To Archive
    Replies: 0
    Last Post: 2020-03-08, 15:49

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules