Jump to content

thc-hydra use password file as variables (parse thc-hydra output)?


vailixi

Recommended Posts

So I want to audit a few SSH servers. I want to save the output of THC-Hydra to a file then use the out of the file as variables in the next step of auditing. Trying to automate this this as much as possible.

hydra syntax:

hydra -o /root/Desktop/cracked.txt -l donkeypuncher -P /root/Desktop/thepassword.txt -s 22 10.42.0.196 ssh


I want to use the output from the saved text file for the next step. I can get this a number of ways. this is simple.

 cat /root/Desktop/cracked.txt | tail -1

I get this output here::

[22][ssh] host: 10.42.0.196   login: donkeypuncher   password: fistingtiffany

I want to pretty much save the host, user, and password variables so I can use them in my script in the next couple of steps.

How do I go about this?

Edited by vailixi
Link to comment
Share on other sites

With a lot of hacking you could probably do it on the command line in bash but I'd do a ruby or python script to wrap it all. That can tail the file and parse anything you want out of it.

If you want to use bash, look at cut, that will let you break the line down into bits which you can then reuse. Or sed might be better, you could use that to do match and replace to build a whole new command.

Link to comment
Share on other sites

On 3/24/2017 at 10:44 PM, vailixi said:

 


hydra -o /root/Desktop/cracked.txt -l donkeypuncher -P /root/Desktop/thepassword.txt -s 22 10.42.0.196 ssh

 


 cat /root/Desktop/cracked.txt | tail -1

 


[22][ssh] host: 10.42.0.196   login: donkeypuncher   password: fistingtiffany

Are you trolling us right now?

Edited by Decoy
Misspelled.
Link to comment
Share on other sites

44 minutes ago, vailixi said:

No dawg. why would you think I'm trolling?

maybe because of the user name and password?

Link to comment
Share on other sites

  • 1 month later...
2 hours ago, kdodge said:

Hey Darren, thanks for the reference you made in your podcast about this little script a few weeks ago! I just had one question though, you said that its better to use $() over `` for getting the output of commands, and I was just wondering why that is?

I don't see @Darren Kitchen in this thread, but if I'm taking a guess at your reference, using $(somecommands) can be used as variables as well, like someVar = $(some commands to run against $1 or whatever you put in here) where later you reference $someVar when needed in a script and it does whatever it is you put in there. That output can then be piped or redirected like any other input and output data to save to file or read in to another process.

 

Link to comment
Share on other sites

I think it depends on the shell, but all modern shells probably support both, older ones maybe only the backtick. I'm not a *nix guru, so someone else might know and chime in.

Everything in $() is treated as a command, as you'd expect with backticks. Nesting becomes an issue though and you have to escape all bacticks inside of backticks, or your commands could start failing with something like expecting end of line or such. They also become confusing with your code when using backticks and single quotes in the same sections of a script, something to think about. Older shells might not use the newer $() either, but all modern systems should work using $() which I guess is now commonplace. backtick might have some other meaning for certain shells and commands as well. Some shells don't use $() either, and some use things like source() or .() which is over my head. I'm not much of a programmer nor fluent with shell scripting.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...