Longcat Posted October 11, 2009 Posted October 11, 2009 Ok, I'm back, with another question. My friend has a SVN server. You can connect to it using https://xxx.xxxx.xxx.xx/ I asked if I can crack it and he set me up an account just to crack it. Here is what I have in my Hydra command line... Hydra -l hackme -P /pentest/wireless/aircrack-ng/test/general.lst -e ns -t 10 -f -s -vV xx.xxx.xx.xxx https-get https://xx.xxx.xx.xxx/svn/ -o Output.txt Then when I start the command, I just get this.. Hydra v5.4 (c) 2006...... [DATA] 10 tasks, 1 servers, 2293 login tries (1l:1/p:2293), ~229 tries per task [DATA] attacking service http-get on prot 443 [STATUS] 849.00 tries/min, 849 tries in 00:01h, 1444 todo in 00:02h [STATUS] 767.50 tries/min, 1535 tries in 00:02h, 758 todo in 00:01h [STATUS] 726.00 tries/min, 2178 tries in 00:03h, 115 todo in 00:01h [STATUS] attack finished for xx.xxx.xx.xxx (waiting for childs to finish) Hydra (http://www.thc.org) finished at 2009-10-11 15:16:48 And the output has nothing written into it. I also tried the command Hydra -l hackme -P /pentest/wireless/aircrack-ng/test/general.lst -e ns -t 10 -f -s -vV xx.xxx.xx.xxx https-get / -o Output.txt But it outputs a bunch of wrong passwords. Any ideas? Quote
THC Posted October 11, 2009 Posted October 11, 2009 I can't say are you choose good -flags in this process... But if Hydra find password it have been showed in cmd promt... So if everything else is good, wordlist dont have right password. Quote
Longcat Posted October 11, 2009 Author Posted October 11, 2009 I can't say are you choose good -flags in this process... But if Hydra find password it have been showed in cmd promt... So if everything else is good, wordlist dont have right password. Well, I am using Backtrack 4. Not windows, just to start off with. Secondly. Yes, the passlist might not have the password, but I don't see why Hydra wouldn't try the first time and I also don't see how Hydra can output like 6-8 wrong passwords when I try a different "url" (https://xx.xxx.xx.xxx/svn/ or /) Quote
THC Posted October 11, 2009 Posted October 11, 2009 mmm can u paste what hydra promt you when u lunch the last command ? Quote
Longcat Posted October 11, 2009 Author Posted October 11, 2009 mmm can u paste what hydra promt you when u lunch the last command ? Ok, well, I did the command in xhydra, and I found that the passlist didn't have the password. I added it to my list (he gave it to me to see if it was user error) and I ran xhydra again, it found it, but the Console shell is still becoming confused and dropping 3-4 wrong passwords. haha. I'll stick to xhydra then.. Quote
THC Posted October 11, 2009 Posted October 11, 2009 Strange, i see i couldn't help u... Me too have problem with hydra :) I just start playing with it... I go to take closer look at documentation one evening, and recommend to you ;) Or maybe u get help here. Peace man. Quote
Longcat Posted October 11, 2009 Author Posted October 11, 2009 UPDATE: Ok, it seems even xhydra is borking out. I added the password to the base password.lst in /pentest/wireless/aircrack-ng/test/ Around the 30th line. I did the same thing in xhydra and it even ATTEMPTed it, but it scrapped it as a password and gave me three wrong passwords Quote
Sparda Posted October 12, 2009 Posted October 12, 2009 There is a good chance either your ISP provider is blocking your access because it is obvious that you are attacking a server or his ISP/hosting is blocking access because it's obvious he's under attack. If the former is the case TOR will probably resolve it, if the latter is the case, TOR might solve it. Either that or slow down the attack so it tries one password every 5 minuets. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.