Jump to content

Hydra - inconsistencies.


factgasm
 Share

Recommended Posts

Over the last twelve months or so I have created numerous gmail accounts for myself for different purposes (for example I tend to use factgasm on forums). Today I have been trying out Hydra for real, namely hacking my own gmail accounts.

I set up a very small password file containing a range of random passwords and passwords to my gmail accounts.

I then ran hydra using the string:

hydra -s 465 -S -v -V -l [gmail address] -P [passwordfilename.txt] -e ns -t 16 -F smtp.gmail.com smtp

Weirdly hydra does find the password for some of my accounts but not others. Anyone else ever come across this?

Edited by factgasm
Link to comment
Share on other sites

Well, does it brute force them against gmail on the fly? Because if so many attempts in a row are wrong, I think google blocks you, or may lock the accounts for a certain period of time. Stagger the timing in chunks, see if that helps.

Link to comment
Share on other sites

Its all depending on the configuration. Each machine may have custom modules or brute force prevention software installed...

If you send off 5 failed attempts to quickly, even tho your 6th attempt is valid login credentials, brute force detection kicks in and responds with unauthorized...

If you can find the variable of how many attempts trigger the red flag, then slow down the attack by a few seconds for each attempt. You may find the sweet spot

so, now you found your attack speed is slow as hell, 1 password per 3 minutes will safely evade any red flags (example)

How many proxy's will it take to achieve 1pass per second ?

Link to comment
Share on other sites

or, will they eventually just lock the account, and keep you out and have to password reset it

Link to comment
Share on other sites

Even when I cut the file down to containing just the single solitary password for particular accounts I am attacking, even then Hydra fails.

I seem to remember when I was setting up some of these accounts that Google offered an option to add increased security. On some of my accounts I opted for that security, on others not.

It would seem that Hydra is having difficulty with the accounts that I opted to have extra security on.

Edited by factgasm
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...