somethings from codeland

Friday, August 26, 2005

Chinese Hacking the DoD

Interesting Article ...kinda long

Identity Thieves in Action: Video


http://www.identitytheftsecrets.com/videos/paypalemail3.html

Interesting to see how these guys go through this process...

Detect weak network passwords with Hydra

Security experts always advise you to use only strong alphanumeric
passwords for network applications, and change them often, but you know
that not everyone on your network is security-conscious. Starting to
worry that weak passwords may be slipping through your defenses? Then
it's time to unleash Hydra, a network login cracker for more than 30 network services.

Hydra comes from The Hacker's Choice (THC), a group that has written
more than 60 open source network security tools and research papers.
Hydra receives frequent updates and is the group's second most
downloaded project.



I ran Hydra against a MySQL server on my local machine. The simplest
way to run Hydra is to specify a user name and password combination for
it to try. This is useful only when you know what the username or
password of the service is likely to be. To get a feel for Hydra, use a
login and password that you know will succeed. I did so by running:



hydra localhost mysql -l root -p rootpass


This runs Hydra against MySQL on the local machine with a login of root
and a password of rootpass. By default, Hydra spawns 16 concurrent
processes. Adding more processes with the -t option can speed things up
a bit, at the risk of locking yourself out of a network service if the
administrator restricts the number of connection attempts. Here, Hydra
reports that it succeeded in connecting with this combination and
outputs:



[3306][mysql] host: 127.0.0.1 login: root password: rootpass



To run Hydra against a machine on a network, just substitute localhost with an IP address or hostname.
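The result line shown above is what you act on after an audit. The following is an added example, not part of the original article or of Hydra itself: it parses result lines in that format and turns them into a list of accounts to reset, without copying the recovered passwords into the report. The sample output beyond the article's own line, the function names, and the 10-character minimum are assumptions for illustration.

```python
import re
from collections import defaultdict

# Success line format as shown in the article's Hydra output.
RESULT_RE = re.compile(
    r"^\[(?P<port>\d+)\]\[(?P<service>[^\]]+)\]\s+host:\s+(?P<host>\S+)"
    r"\s+login:\s+(?P<login>\S+)\s+password:\s*(?P<password>.*)$"
)

# Constructed sample output; only the first result line comes from the article.
SAMPLE = """\
(constructed banner line, ignored by the parser)
[3306][mysql] host: 127.0.0.1 login: root password: rootpass
[3306][mysql] host: 127.0.0.1   login: admin   password: abandonment
[3306][mysql] host: 127.0.0.1 login: root password: rootpass
[3306][mysql] host: 10.0.0.5 login: backup password:
""".splitlines()


def parse_results(lines):
    """Return one dict per success line; banners and status lines are skipped."""
    return [m.groupdict() for m in (RESULT_RE.match(l.strip()) for l in lines) if m]


def weaknesses(login, password, min_length=10):
    """Explain why the credential fails policy (min_length is an assumed policy)."""
    reasons = ["guessed by Hydra"]
    if not password:
        reasons.append("empty password")
    elif len(password) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    if password and login.lower() in password.lower():
        reasons.append("contains the login name")
    return reasons


def remediation_report(findings, min_length=10):
    """Group accounts to reset by (host, service), without copying passwords."""
    report, seen = defaultdict(list), set()
    for f in findings:
        key = (f["host"], f["port"], f["service"], f["login"])
        if key in seen:  # duplicate result lines collapse to one row
            continue
        seen.add(key)
        report[(f["host"], f["service"])].append(
            {"login": f["login"], "reasons": weaknesses(f["login"], f["password"], min_length)}
        )
    return dict(report)


if __name__ == "__main__":
    for (host, service), accounts in remediation_report(parse_results(SAMPLE)).items():
        for a in accounts:
            print(f"{host} {service} {a['login']}: reset password ({'; '.join(a['reasons'])})")
```
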



Specifying a login and password combination for every attempt is not
very efficient. The login part of the equation is the easy one. Typical
logins for most network services are words like root or admin. The
password part is where the difficulty lies. That is what makes Hydra's
ability to use dictionary files for both logins and passwords so
useful. A dictionary file contains a list of words (one word per line)
that Hydra can cycle through for logins or passwords.



You can specify a dictionary file with the following syntax:



hydra localhost mysql -L login.txt -P pass.txt

Hydra does not come with any dictionary files -- you must
create your own or download one. One option is to use something like an
English language thesaurus from Project Gutenberg. This list contains
commas and does not have only one word per line. You can clean up this
list with the following sed command:



sed -e 's/,/ /g' -e 's/[ ]/\n/g' mthesaur.txt | sort | uniq > pass.txt



This removes the commas, places each word on its own line, and removes
duplicate entries. This gives you a dictionary file with 74,618 words.



One way to test Hydra with a file this size is to create a small
login dictionary file with usernames and use a large dictionary file
for passwords. Next, add a MySQL account with a username and password
combination from these files. For example, using a login dictionary
file with 10 entries and pass.txt gives Hydra 746,180 combinations to
cycle through.



If you know the service you're testing against has a minimum
password length -- say, passwords must be at least 10 characters long
-- then testing passwords with fewer than 10 characters would be a
waste of time and resources. Hydra comes with pw-inspector, a utility
that filters passwords based on criteria you pass to it. You can reduce
pass.txt to words with 10 or more characters by running:



cat pass.txt | pw-inspector -m 10 > sortedpass.txt



This trims the list down to 28,571 words. The final command to run is:



hydra localhost mysql -L logins.txt -P sortedpass.txt



This brings down the number of combinations to a slimmer 285,710.



The amount of time this takes depends on the speed of your machine
and the placement of the login and password in the files. Hydra updates
you as the process goes on. My 1.2GHz AMD Duron processor can crunch
approximately 4,000 combinations per minute with an estimated time of
one hour 10 minutes to run the whole set. This particular scan took an
hour. I achieved nearly the same result over a switched 100Mbps network
in later testing. In that test, Hydra's bandwidth usage averaged
100Kbps. If you need to quit mid-scan, go ahead. Hydra saves its
results in a file named hydra.restore. To pick up where you left off,
use the command hydra -r from within the directory where you initiated the scan.



There is much more to Hydra than what these simple examples show.
Hydra can scan entire networks at a time and work through proxy
servers. A GTK-based graphical interface called xhydra is also
included.



With the help of Hydra, you can weed out the weak logins and
passwords that pose a security threat to your network. It's a good tool
in your network security arsenal.

Paul Virijevich is working to eliminate the "Linux consultants cost more" TCO myth. He recently started a consultancy, providing cost-effective open source solutions to small businesses.


About Me

I have been working with computers/programming to put myself through college since I graduated high school. I am currently attending Oklahoma State University for a bachelor's degree in biological sciences. Along with my experience in programming, a degree in biology will allow me to pursue a career in bioinformatics research concerning genetic diseases (i.e. cancer).
