Aug 27, 2011

How to Setup WORKING THCHydra and Cygwin Environment on Windows 7

Today I will show you how to set up the parallel threaded multi-protocol cracker known as THCHydra to work under a Windows 7 environment. In order to pull this off properly we will need to set up a Cygwin environment on our Windows machine, as there is NO supported .EXE file for Windows to make this magically work (if you find one it is probably a virus or very outdated). Cygwin is like a Linux emulator for Windows, in that it creates a Linux API environment within your Windows environment to provide a lot of Linux API functionality (not 100% but close). This is done through cygwin1.dll, which allows you to run many programs not originally designed for Windows (i.e. Linux programs like THCHydra). The catch is that you can't just run any Linux program you want; you have to build or compile everything you want to use from source to get it to work properly in the Cygwin environment (and even then it is not guaranteed to work if it was never designed for Windows/Cygwin). OK, with that out of the way, we can begin...
What you need:
NOTE: If you are using Linux or already have Cygwin installed and just want intro to THCHydra and how to compile properly just skip the Cygwin steps and move straight to the bottom where we focus on THChydra.

+=============================+
| Steps to Install Cygwin and create environment:|
+=============================+

You need to start by downloading the Setup.EXE file from the main site listed above. Just double click on this when you are ready to get started. This will open the initial setup for the Cygwin environment, which by default only includes the basic items needed. You can search through the packages and choose the ones you want/need, or simply choose to include everything if you have the space and want to avoid having to troubleshoot missing items later. For example, if you wanted to also compile C++ programs you would need to make sure you included the gcc-g++ package and some kind of text editor like Vi or Nano. When running setup.exe, clicking on categories and packages in the package installation screen lets you control what is installed or updated. Another option is to install everything by clicking on the Default field next to the All category. If you have low bandwidth this could take some time as it downloads most of the packages from the Internet (like SVN), so go have lunch and a beer, smoke or whatever your fancy and come back in a bit. You will need to make some decisions on how to install. I chose download from internet, direct connect, and to install everything:
[Image: hydra1t.png]
**NOTE**: You can choose to only install the basics and add what you want later, but to keep things easy and avoid having to troubleshoot too many issues I suggest you just pick "ALL". Today's HDDs are getting larger and cheaper so I doubt many will have any issues due to space if you select ALL (mine was 8.29Gb total disk space once completely installed with all packages). If you want to go more advanced and select only what you need, feel free, but be aware that to use the GUI for THCHydra, known as XHYDRA, you will need to ensure you also choose to install the proper Cygwin/X requirements as well as the basics, since it relies on X Server, and Cygwin/X consists of the X server, X libraries, and nearly all of the standard X clients.

When you are done Setup.EXE saves everything and creates a shortcut on your desktop as well as in the start menu. You can then use the Setup.EXE file any time you want to update or install a new Cygwin package, as once you have gone through the initial install choices it will remember your final configuration options so anytime you run it again it will open and allow you to choose to update your system by selecting additional packages.

Installed and working console should look like this; just double click your shortcut on desktop:
[Image: hydra5.png]
[Image: hydra6.png]
Now you can test it out by issuing a few common Linux commands that you wouldn't normally have access to in Windows. Here is a quick view of: "pwd", "cd /", "ls", "ps":
[Image: hydra7.png]
**NOTE**: If you are trying to find your main Windows OS drive you need to navigate to it through the "cygdrive" directory located in the root folder of the Cygwin environment. Here is a quick example:
Code:
cd /cygdrive/<driveletter>/Users/<username>/path/location
For me I use the following to get to my main OS desktop area:
Code:
cd /cygdrive/c/Users/SkyWalker/Desktop
Now to copy the downloaded hydra tar file from our main OS desktop to our Cygwin desktop use this:
Code:
# Example: cp hydra-6.3-src.tar.gz /home/<cygwin-username>
# Mine:
cp hydra-6.3-src.tar.gz /home/SkyWalker
cd /home/SkyWalker
ls    # to confirm it was copied to where we wanted it
[Image: hydra8.png]
This ends our brief overview and review for installing Cygwin, please spend time on the homesite and reading the user guide to figure out all the ins and outs of it. If for some reason you decide you want to remove one of the installed Cygwin packages you will simply need to re-run the Setup.EXE file. Once it is open you simply navigate the list of packages that are already installed, and choose the category you want to edit (or click on the View button). Click on the options until it changes to Uninstall and then choose next to finalize the removal of the desired package (just click till you get there, it goes: Default>Install>ReInstall>UnInstall).

If you want to remove it entirely from your system simply stop all services from running and delete all files, folders and subdirectories as well as any Desktop shortcuts from your machine and from the Setup.EXE install folder and it will be gone.

+===================================+
| Steps to Compile THCHydra, once Cygwin is operational |
+===================================+

I have shown you above how you can move the THCHydra tar file from wherever you downloaded it so we can start working with it. Now navigate there using your Cygwin terminal, and we will begin by extracting the contents of the download using the following command:
Code:
tar -zxvf hydra-6.3-src.tar.gz
NOTE: you can add "-C /desired/path/location" to the end of the command to extract it to another location other than where you currently are located
[Image: hydra9.png]
OK, now that it is extracted you will have a new folder called hydra-6.3-src and inside you will find the contents of what was extracted, but we still need to compile it in order to get it working (you can delete the original tar file when we are done extracting). In order to compile the program you will need to use the following commands from the terminal:
Code:
cd hydra-6.3-src
./configure
make
make install   # error prone on Cygwin
[Image: hydra10.png]
[Image: hydra11.png]
NOTE: The last one, make install, is not required but allows it to install to the local path environment to avoid always having to navigate to the install folder to use/run it. This is mainly for my Linux users as it doesn't work properly in the Cygwin environment due to the default paths being different, and the errors can be ignored. You can edit this if needed to try and get it working, or simply navigate to the hydra folder before running it each time. If you want to add SSH you need to set up libssh on your machine as well (available at: http://www.libssh.org), and you will also need to add the "-DWITH_SSH1=On" argument to the first make command (i.e. ./configure>make -DWITH_SSH1=On>make install). The default make will also set up the necessary requirements for Xhydra if you have all of the dependencies needed; however, I should mention that it is not functional in the Cygwin environment due to issues with the GTK+ front end and Cygwin X Server. I previously had XHYDRA working but it now seems to fail due to multiple errors, and I am not a real programmer and don't quite have the time to troubleshoot it. If you know anyone that is good with GTK programs then you might be able to fix the errors when it runs under Cygwin/X (just start X Server and then X-terminal and then run ./xhydra at the command line in X-terminal to start the GUI. It will appear to be fine until you hit start to run it); until then XHYDRA only works in a 100% real Linux environment.

Now let us confirm we did not waste our time for nothing, check successful installation by issuing the following command to bring up the help menu and see all of the available options:
Code:
./hydra -h
[Image: hydra13.png]
I will not go into great detail as the user guide is chock-full of details and there are already a lot of other tutorials on the net that cover how to use it, but not a lot on how to get it working on Windows (which is why I wrote this article). In order to get you started I will show you a quick example of cracking the password on a basic home router user/pass for my network with Hydra (I am using a spare Netgear home router for this test). It goes a little something like this...
Code:
hydra -l admin -P /path/to/wordlist/passwords.txt -e ns -t 15 -f -S -vV 192.168.1.1 http-get -m /
Here is how it breaks down:
  • the "-l" defines the username to use for all attempts
  • the "-P" defines the path to the wordlist to read passwords from while attacking
  • the "-e ns" instructs Hydra to also check for a valid NULL connection (meaning blank or no password used)
  • the "-t x" defines the thread count to be used, or how many tasks at once (where x = a number)
  • the "-f" instructs Hydra to exit upon finding the first set of valid credentials or user/pass combo
  • the "-S" instructs Hydra to use SSL for the connection
  • the "-vV" simply puts Hydra into verbose mode so you see what is going on while it is running
  • "192.168.1.1" is being used as the IP address we are targeting (simply change to fit your need)
  • the "http-get" defines the method or protocol to use for attacking (see below for full list of protocols)
  • the "-m /" defines where to target the attacks, or the page to try and crack
[Image: hydra14.png]
You can see above it found the password (P@ssword1) for the username admin. You can search the user guide or Google if you need further explanations on how to use it or how to target other protocols, but that should at least give you enough to get started. I must also note some important pieces of information that you should be aware of when cracking over the network with Hydra. First, if the password is not in your dictionary you will never find it (Period - the end!). Secondly, there are going to be some basic limitations that will impact your time, for example the maximum number of attempts possible per connection, the protocol being attacked/used, bandwidth, size of the word list and CPU power. These factors can all impact the overall time it takes to exhaust all possibilities. The "-t" argument referenced above can be used to change the parallel thread count being used to help speed things up, but don't set it too high or it will have the reverse effect. Here are some common max limits for attempts per connection, from the tool's creators: telnet=4, ftp=6, pop3=1, and imap=3, and here is the list of all supported protocols (as of the writing of this tutorial) so have fun cracking as the possibilities are limited only by your imagination:
Code:
AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, PCNFS, POP3, POSTGRES, REXEC, SAP/R3, SMB,SMBNT, SMTP, SNMP, SOCKS5,       SSH(v1 and v2), Subversion, Teamspeak (TS2), TELNET, VMware-Auth, VNC and XMPP.
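
Seen from the defending side, the http-get run shown above leaves a recognizable trace: a burst of 401 responses from one source, then a 200. The following is an added example, not part of the original post, that scans access-log lines for that pattern. The Common Log Format input, the threshold and window values, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed input: Common Log Format lines from the web server or proxy
# in front of the login page: ip - user [time] "METHOD path proto" status size
LINE = re.compile(r'(\S+) \S+ (\S+) \[([^\]]+)\] "\S+ (\S+) [^"]*" (\d{3}) \S+')

def parse(line):
    m = LINE.match(line)
    if not m:
        return None
    ip, user, ts, path, status = m.groups()
    return ip, user, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), path, int(status)

def find_guessing(lines, threshold=10, window=timedelta(seconds=60)):
    """Flag (ip, path) pairs with >= threshold 401s inside `window`, and
    record the user of a later 200 from the same source (a guess that worked)."""
    failures = defaultdict(list)
    alerts = {}
    for rec in filter(None, map(parse, lines)):
        ip, user, when, path, status = rec
        key = (ip, path)
        if status == 401:
            # keep only failures still inside the sliding window
            failures[key] = [t for t in failures[key] if when - t <= window] + [when]
            if len(failures[key]) >= threshold and key not in alerts:
                alerts[key] = {"first_alert": when, "succeeded_as": None}
        elif status == 200 and key in alerts and user != "-":
            alerts[key]["succeeded_as"] = user
    return alerts

def sample_log():
    # Constructed sample: 15 rapid failures then a success from one host,
    # plus a normal browser login (one 401 challenge, then 200) from another.
    rows = [f'192.168.1.50 - admin [27/Aug/2011:10:00:{i:02d} +0000] "GET / HTTP/1.0" 401 0'
            for i in range(15)]
    rows.append('192.168.1.50 - admin [27/Aug/2011:10:00:15 +0000] "GET / HTTP/1.0" 200 512')
    rows.append('192.168.1.20 - - [27/Aug/2011:10:01:00 +0000] "GET / HTTP/1.1" 401 0')
    rows.append('192.168.1.20 - admin [27/Aug/2011:10:01:05 +0000] "GET / HTTP/1.1" 200 512')
    return rows

if __name__ == "__main__":
    for (ip, path), info in find_guessing(sample_log()).items():
        print(ip, path, info["first_alert"].isoformat(), info["succeeded_as"])
```

A non-empty `succeeded_as` on an alert means the account's password was in the list being tried and should be rotated, not just that guessing was attempted.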

PRO TIP #1:
A key tip to helping stay secure is to always use a VPN connection when testing to help hide your IP, but Proxies are also a great thing to use. If you need a list of up to date working proxies please see my page dedicated to this here: http://kaoticcreations.blogspot.com/p/fr...elite.html. Once you have identified the proxy you will be using you can incorporate it into THCHydra when testing.

If you are using the http/www service for cracking then you need to use the following argument in your command you are using:
Code:
./hydra -m /dir/ -l dumbuser -P /path/to/your/passlist www.tagetsite.com http -HYDRA_PROXY_HTTP="http://10.10.10.10:8080/"

If you are using any other service for cracking then you will need to use this format instead (very similar but notice the end of the argument changes from HTTP to CONNECT):
Code:
./hydra -m LH -l dumbuseradmin -P sam.dump www.tagetsite.com smbnt -HYDRA_PROXY_CONNECT="10.10.10.10:8080"
If you need to enter credentials to use your proxy then you would add this to the end of either option:
Code:
-HYDRA_PROXY_AUTH="user:pass"
./hydra -m LH -l dumbuseradmin -P sam.dump www.tagetsite.com smbnt -HYDRA_PROXY_CONNECT="10.10.10.10:8080" -HYDRA_PROXY_AUTH="user:pass"
PRO TIP#2:
A strong word list is also very helpful when it comes to cracking, so try to keep manageable word lists or use tools to help create narrowed down word lists for better, or more targeted, results. THCHydra comes with the PW-INSPECTOR tool which can be used to trim a wordlist down based on password policy or known details. I like to use the word list tools provided by the Hashcat team as well as a tool called Shmoosh2x64.exe. The Hashcat team has a set of tools to help with expanding, sorting, and splitting wordlists, and the shmoosh tool helps to combine multiple wordlists while also sorting out duplicates so you get a new wordlist that is full of unique words. I suggest playing with them all as they can all come in handy on various occasions, and all have been documented on their respective sites if you need help with the proper command syntax to use (Google is your friend). If you need to find a good wordlist just search around Google as there are many out there, and I also highly suggest tools like CeWL, CUPP (Common User Passwords Profiler), or WyD (Who's Your Daddy Password Profiler) which can be used to spider sites to help create wordlists based on unique words found on the site that you can then turn around and use to perform bruteforce attacks (as mentioned above, start focused if you can and then broaden your search/attempts to increase your effectiveness).

Hopefully this tutorial has shown you how you can get the latest version of THCHydra working under a Windows 7 environment. This should be another great tool to add to your collection, and along with my previous post on the Hashcat tools you should be covered now for all of your password cracking needs, both local and remote. I may cover some word list techniques down the road to complete the series and create a triple threat for those who have followed along. I also hope this tutorial helps to ignite some creativity in others to think outside the box for what tools are available to them and how they can be used.

1 comment:

  1. $ cd /hydra-6.3-src
    -bash: cd: /hydra-6.3-src No such file or director
    help what is wrong
