factgasm Posted January 28, 2015 Share Posted January 28, 2015 (edited) Over the last twelve months or so I have created numerous gmail accounts for myself for different purposes (for example I tend to use factgasm on forums). Today I have been trying out Hydra for real, namely hacking my own gmail accounts. I set up a very small password file containing a range of random passwords and passwords to my gmail accounts. I then ran hydra using the string: hydra -s 465 -S -v -V -l [gmail address] -P [passwordfilename.txt] -e ns -t 16 -F smtp.gmail.com smtp Weirdly hydra does find the password for some of my accounts but not others. Anyone else ever come across this? Edited January 28, 2015 by factgasm Quote Link to comment Share on other sites More sharing options...
digip Posted January 29, 2015 Share Posted January 29, 2015 Well, does it brute force them against gmail on the fly? Because if so many attempts in a row are wrong, I think google blocks you, or may lock the accounts for a certain period of time. Stagger the timing in chunks, see if that helps. Quote Link to comment Share on other sites More sharing options...
i8igmac Posted January 29, 2015 Share Posted January 29, 2015 Its all depending on the configuration. Each machine may have custom modules or brute force prevention software installed... If you send off 5 failed attempts to quickly, even tho your 6th attempt is valid login credentials, brute force detection kicks in and responds with unauthorized... If you can find the variable of how many attempts trigger the red flag, then slow down the attack by a few seconds for each attempt. You may find the sweet spot so, now you found your attack speed is slow as hell, 1 password per 3 minutes will safely evade any red flags (example) How many proxy's will it take to achieve 1pass per second ? Quote Link to comment Share on other sites More sharing options...
digip Posted January 29, 2015 Share Posted January 29, 2015 or, will they eventually just lock the account, and keep you out and have to password reset it Quote Link to comment Share on other sites More sharing options...
factgasm Posted January 29, 2015 Author Share Posted January 29, 2015 (edited) Even when I cut the file down to containing just the single solitary password for particular accounts I am attacking, even then Hydra fails. I seem to remember when I was setting up some of these accounts that Google offered an option to add increased security. On some of my accounts I opted for that security, on others not. It would seem that Hydra is having difficulty with the accounts that I opted to have extra security on. Edited January 30, 2015 by factgasm Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.