Jump to content

Trying to crack my friends SVN server w/ Hydra.


Recommended Posts

Posted

Ok, I'm back, with another question.

My friend has a SVN server. You can connect to it using https://xxx.xxxx.xxx.xx/

I asked if I can crack it and he set me up an account just to crack it. Here is what I have in my Hydra command line...

Hydra -l hackme -P /pentest/wireless/aircrack-ng/test/general.lst -e ns -t 10 -f -s -vV xx.xxx.xx.xxx https-get https://xx.xxx.xx.xxx/svn/ -o Output.txt

Then when I start the command, I just get this..

Hydra v5.4 (c) 2006......

[DATA] 10 tasks, 1 servers, 2293 login tries (1l:1/p:2293), ~229 tries per task
[DATA] attacking service http-get on prot 443
[STATUS] 849.00 tries/min, 849 tries in 00:01h, 1444 todo in 00:02h
[STATUS] 767.50 tries/min, 1535 tries in 00:02h, 758 todo in 00:01h
[STATUS] 726.00 tries/min, 2178 tries in 00:03h, 115 todo in 00:01h
[STATUS] attack finished for xx.xxx.xx.xxx (waiting for childs to finish)
Hydra (http://www.thc.org) finished at 2009-10-11 15:16:48

And the output has nothing written into it. I also tried the command

Hydra -l hackme -P /pentest/wireless/aircrack-ng/test/general.lst -e ns -t 10 -f -s -vV xx.xxx.xx.xxx https-get / -o Output.txt

But it outputs a bunch of wrong passwords.

Any ideas?

Posted

I can't say are you choose good -flags in this process... But if Hydra find password it have been showed in cmd promt... So if everything else is good, wordlist dont have right password.

Posted
I can't say are you choose good -flags in this process... But if Hydra find password it have been showed in cmd promt... So if everything else is good, wordlist dont have right password.

Well, I am using Backtrack 4. Not windows, just to start off with.

Secondly. Yes, the passlist might not have the password, but I don't see why Hydra wouldn't try the first time and I also don't see how Hydra can output like 6-8 wrong passwords when I try a different "url" (https://xx.xxx.xx.xxx/svn/ or /)

Posted
mmm can u paste what hydra promt you when u lunch the last command ?

Ok, well, I did the command in xhydra, and I found that the passlist didn't have the password. I added it to my list (he gave it to me to see if it was user error) and I ran xhydra again, it found it, but the Console shell is still becoming confused and dropping 3-4 wrong passwords. haha.

I'll stick to xhydra then..

Posted

Strange, i see i couldn't help u... Me too have problem with hydra :) I just start playing with it... I go to take closer look at documentation one evening, and recommend to you ;) Or maybe u get help here. Peace man.

Posted

UPDATE:

Ok, it seems even xhydra is borking out.

I added the password to the base password.lst in

/pentest/wireless/aircrack-ng/test/

Around the 30th line. I did the same thing in xhydra and it even ATTEMPTed it, but it scrapped it as a password and gave me three wrong passwords

Posted

There is a good chance either your ISP provider is blocking your access because it is obvious that you are attacking a server or his ISP/hosting is blocking access because it's obvious he's under attack. If the former is the case TOR will probably resolve it, if the latter is the case, TOR might solve it. Either that or slow down the attack so it tries one password every 5 minuets.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...