crushingpackets's blog

Password Guessing with THC-Hydra

Hydra is available for Windows and Linux. I’ve used both; however, if you have the need for speed, Linux is the way to go. I’m sure you’re itching to get started, so I’ll stop yapping.

Hydra in its most basic form requires 4 items:

1. target IP address
2. user name (to be used during login process)
3. password (to be used with above username)
4. service (to be brute forced)

hydra -l administrator -p password 192.168.0.1 ftp

However, this isn’t much fun, not to mention time-consuming. Who wants to re-issue the command above over and over again manually?

Instead you can utilize a text file and store passwords you want to try. Hydra can pump through a large text file in minutes.

The easiest switches to remember are -l / -L and -p / -P.
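Seen from the defended service, a wordlist run like the one described above shows up as a burst of failed logins from one source. The detector below is an added example, not code from the original post; the log format, field names, addresses and thresholds are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in a hypothetical format (not any real daemon's output).
SAMPLE_LOG = """\
2024-05-01T10:00:00 FAIL user=administrator src=192.168.0.50 svc=ftp
2024-05-01T10:00:01 FAIL user=administrator src=192.168.0.50 svc=ftp
2024-05-01T10:00:02 FAIL user=administrator src=192.168.0.50 svc=ftp
2024-05-01T10:00:03 FAIL user=administrator src=192.168.0.50 svc=ftp
2024-05-01T10:00:04 FAIL user=administrator src=192.168.0.50 svc=ftp
2024-05-01T10:00:05 FAIL user=administrator src=192.168.0.50 svc=ftp
2024-05-01T10:00:06 OK user=administrator src=192.168.0.50 svc=ftp
2024-05-01T10:01:00 FAIL user=alice src=192.168.0.77 svc=ftp
2024-05-01T10:01:10 OK user=alice src=192.168.0.77 svc=ftp
"""

def parse(line):
    """Split one constructed log line into (timestamp, outcome, fields)."""
    ts, outcome, *kv = line.split()
    fields = dict(item.split("=", 1) for item in kv)
    return datetime.fromisoformat(ts), outcome, fields

def detect_guessing(log_text, threshold=5, window=timedelta(seconds=60)):
    """Alert on any (source, service) with >= threshold failures inside window.

    'compromised' is set when a successful login follows the alert, the
    case that calls for a password reset and not only a block.
    """
    failures = defaultdict(deque)  # (src, svc) -> timestamps of recent failures
    alerts = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, outcome, f = parse(line)
        key = (f["src"], f["svc"])
        if outcome == "FAIL":
            q = failures[key]
            q.append(ts)
            while q and ts - q[0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and key not in alerts:
                alerts[key] = {"first_alert": ts, "user": f["user"], "compromised": False}
        elif outcome == "OK" and key in alerts:
            alerts[key]["compromised"] = True
    return alerts

if __name__ == "__main__":
    for key, info in detect_guessing(SAMPLE_LOG).items():
        print(key, info)
```

A single mistyped password followed by a success, like the second source in the sample, stays below the threshold and raises no alert.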

Password guessing as an attack vector

Over the years we've been taught that a strong password must be long and complex to be considered secure. Some of us have taken that notion to heart and always ensure our passwords are strong. But some don't give a second thought to the complexity or length of their passwords. Password guessing in my view is the oldest hack in the book, and unfortunately some of us are making it too easy for the bad guys: from simple things like a password equal to the username (I still see this often) to blank passwords or super easy combinations like 'qwerty'. As system administrators, it is our job to serve and protect. However, despite our best efforts, users often give things away too easily. So how do we know our users are doing the right thing, and how can we audit for poor or weak passwords?

Linux Mint - The Trio

Linux Mint's claim to fame is usability and the search for the perfect Linux desktop. As a distribution, Mint arrived on the scene in 2006 with release 1.0, codenamed "Ada". It never formally made it as a stable release, resulting in little fanfare. However, with release 2.0, codenamed "Barbara", Linux Mint made its mark on the community. Over the next 2 years Mint released 5 versions and, if you haven't guessed it already, they were all codenamed after feminine first names.

Under the hood, Mint borrows heavily from Ubuntu; in fact, over the years they've adjusted their release cycle to coincide with Ubuntu's. However, in 2010 they released a Debian-centric release independent of Ubuntu. Unlike most Linux distributions (with a single software branch), Linux Mint has 3 separate releases.

Linux Mint LMDE (Debian)
Linux Mint LXDE (Ubuntu with XFCE)
Linux Mint (Ubuntu with Gnome)