hacker
HOWTO: Install THC-Hydra 5.4 in Ubuntu Karmic Koala 9.10
UPDATED: Installing THC-Hydra 5.7 on Ubuntu Lucid Lynx 10.04
Wikipedia describes THC-Hydra as "... software ... that uses a dictionary attack to test for weak or simple passwords on one or many remote hosts running a variety of different services." It's useful for doing quick tests against your servers to make sure that your users are not using simple passwords. In pen tester speak, this is called a brute-force attack.
I had a hard time installing THC-Hydra on Ubuntu. Here is how I finally did it.
First I installed dependencies.
sudo apt-get install build-essential libssl-dev libssh-dev libgtk2.0-dev libssh2-1-dev
Next, grab the Hydra source code.
wget -c http://freeworld.thc.org/releases/hydra-5.4-src.tar.gz
HOWTO: Install THC-Hydra 5.4 in Ubuntu Intrepid Ibex
UPDATED: THC-Hydra 5.9 on Ubuntu 10.10 (Maverick Meerkat)
UPDATED: THC-Hydra 5.7 on Ubuntu 10.04 (Lucid Lynx)
UPDATED: THC-Hydra 5.4 on Ubuntu 9.10 (Karmic Koala)
Wikipedia describes THC-Hydra as "... software ... that uses a dictionary attack to test for weak or simple passwords on one or many remote hosts running a variety of different services." It's useful for doing quick tests against your servers to make sure that your users are not using simple passwords. In pen tester speak, this is called a brute-force attack.
I had a hard time installing THC-Hydra on Ubuntu Intrepid Ibex. Here is how I finally did it.
First I installed dependencies. Note: I couldn't compile xhydra but I am including libgtk2.0 anyway. Maybe someone can post a solution.
sudo apt-get install libssl-dev libgtk2.0-dev
Next, grab the Hydra source code.
wget -c http://freeworld.thc.org/releases/hydra-5.4-src.tar.gz
Pen tester tools - pmdump
Today I bumped into an interesting application called pmdump (http://www.ntsecurity.nu/toolbox/pmdump/).
According to the website, "PMDump is a tool that lets you dump the memory contents of a process to a file without stopping the process."
So how is this useful, you may ask? Well, let me show you.
For my test case I decided to look at Google's Chrome Browser since I know I use passwords to log into web sites like my bank's site.
I looked up the PID (process identification number) of the browser by using Microsoft Sysinternals' pslist command line tool.
C:\hacktools>pslist chrome
...
Name     Pid  Pri  Thd  Hnd   Priv     CPU Time  Elapsed Time
chrome  2440    8   28  582  34892  0:02:13.609   7:59:29.048
Pen tester tools - NMap
Port scanners allow you to scan a network and collect information quickly. NMap (http://insecure.org/) is probably the most used port scanner. The reason for this is that 1) it's free as in beer and 2) it's a REALLY good product. That being said, you will find a plethora of guides and forum discussions all over the internet.
Getting to know your network is easy with nmap. Need to find all the hosts on your network?
nmap -sP 192.168.1.0/24
What if an IIS worm is creating crazy traffic on your network? Locate all the web servers on the network:
nmap -p80 192.168.1.0/24