Basics of cracking FTP and Telnet accounts

Most of us crave direct download links so that we can download at the highest possible speed. The more intelligent of us sniff out forums and DDL / WAREZ sites for direct links and to get unethical stuff. But as the saying goes, "Give a man a fish and you feed him for a day. Teach a man to fish and you feed him for a lifetime". After a flurry of emails about how to crack FTP/POP3/Telnet accounts, I decided to post an article on the topic. One of the easy ways of hacking is brute forcing. You can quickly hack accounts if you have a decent sized password dictionary. I personally use one of about 3.16GB in size, but for this tutorial I'm only going to use a small password list, just so you get the feel of it.
Here is how to do that
The first step is to download Hydra from its homepage (www.thc.org/thc-hydra/). Choose the Windows version and hit download. Download the zip file, extract it, and make sure you see the files below:
[Screenshot: download hydra and extract it]
If you do, that's good. Go to Start > Run > cmd to open the command prompt. Then change to your hydra folder using the “cd” command. For example my hydra folder was on the desktop, so I did this:
[Screenshot: navigate to hydra directory]
Now that you've done this, it's time to execute Hydra for the first time! Sorry Windows fans, but there is only a GUI for Hydra for Linux systems, so you're gonna have to do it the old fashioned way. Just type "hydra.exe" without quotes, and watch the result:
[Screenshot: execute hydra]
Now we have to find some IPs to attack, and we will do it by IP scanning using Nmap. You can download it from here – make sure to download the Windows installer. After installing it, find out your IP address, so that you know a possible IP range. In the command prompt session, type "ipconfig" and watch the results:
[Screenshot: run ipconfig]
In my case, the range is at least 10.1.1.1-4, but I'll go from 1 to 10 just to be safe. Fire up Nmap and do a ping scan “nmap -sP 10.1.1.1-10” to see what hosts are alive, and wait for the results:
[Screenshot: do an NMAP scan]
Pick a host to port scan – I picked 10.1.1.1 because it is a router, and for most people the password is generally pretty simple, if not default. Port scan it using something like "nmap -sS -sV -P 0 -T5 -O 10.1.1.1" and see if it's running any services (click on the "Ports/Hosts" tab at the end for a simpler view of the services running and their ports). If you don't understand how to use Nmap, read the basics here.
[Screenshot: let's hack a telnet account]
Now we will be attacking the Telnet port because I know that it works, because I know you guys think Telnet is the be-all and end-all of hacking, and because the Windows version of THC-Hydra isn't compiled with LIBSSH support (unless you did it yourself), and as such I can't attack SSH – otherwise I'd be doing that instead. It's so much better. Head back to your command session, and review the output from Hydra before; it tells you the services it can crack. After looking through it, and realising that Telnet definitely is there, we can now proceed to attack it with the command:
hydra -l admin -P passlist.txt 10.1.1.1 telnet
as is demonstrated here:
[Screenshot: telnet hacked, note the circled password]
An explanation of the command: -l admin was used because I assumed that the router would have the login of "admin". You can use username lists as well if you wish. -P passlist.txt specified a password dictionary named "passlist.txt" - make sure the -P uses the capital P, otherwise you'll be specifying a password to try.
10.1.1.1 is the router's IP address, and telnet is the protocol we want to attack. Now obviously we could tell it to attack that protocol on a different port, but we won't bother with that right now unless anyone else wants to see how. My dictionary only included 4 words for the purpose of this tutorial. You can see the cracked password circled at the end (which by the way, isn't my password for the router, for those of you who know how to get my IP and wanna try and break in :P). And that's how to do a basic hydra service crack on Windows.
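From the defender's side, the run above shows up in the device's logs as a burst of failed logins for one account from one source address, ending in a success. The following added example (not part of the original article) flags that pattern; the log format, field names and thresholds are constructed for illustration and do not match any particular Telnet or FTP daemon.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a made-up format (not any real daemon's log layout).
SAMPLE_LOG = """\
2024-05-01T10:00:01 telnet FAIL user=admin src=10.1.1.3
2024-05-01T10:00:02 telnet FAIL user=admin src=10.1.1.3
2024-05-01T10:00:02 telnet FAIL user=admin src=10.1.1.3
2024-05-01T10:00:03 telnet OK user=admin src=10.1.1.3
2024-05-01T10:05:00 telnet FAIL user=bob src=10.1.1.4
2024-05-01T10:09:00 telnet OK user=bob src=10.1.1.4
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<svc>\w+) (?P<result>FAIL|OK) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

def detect_dictionary_attacks(log_text, max_failures=3, window=timedelta(seconds=60)):
    """Return alerts for bursts of failed logins and for a success that follows one."""
    recent = defaultdict(deque)  # (src, svc, user) -> timestamps of recent failures
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the assumed format
        ts = datetime.fromisoformat(m["ts"])
        key = (m["src"], m["svc"], m["user"])
        fails = recent[key]
        # Drop failures that have fallen out of the sliding window.
        while fails and ts - fails[0] > window:
            fails.popleft()
        if m["result"] == "FAIL":
            fails.append(ts)
            if len(fails) == max_failures:  # alert once, when the threshold is reached
                alerts.append(("brute_force", *key))
        elif len(fails) >= max_failures:
            # A success right after a burst of failures: the guess probably worked.
            alerts.append(("compromised_login", *key))
            fails.clear()
        else:
            fails.clear()  # an ordinary login resets the counter
    return alerts

if __name__ == "__main__":
    for alert in detect_dictionary_attacks(SAMPLE_LOG):
        print(alert)
```

The second alert type is the one to page on: it marks the account whose password should be rotated, while the first is the cue for lockout or rate limiting.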

Happy Cracking.

POSTED BY XERO. GREYHAT SECURITY. AN ARTICLE BY PHOENIX910. ALL RIGHTS RESERVED.

10 comments:

  1. hehe..good post xero..it was informative..keep it going..will give it a try now..

  2. Hydra website is down either temporarily or permanently

    Can u upload on Rapidshare and post the link..

  3. How do you get hydra to use HTTP?

    “hydra -l admin -P passlist.txt 10.1.1.1 telnet”

    I replaced telnet with http but that doesn't work. I'd like to know the syntax I'm supposed to be using. I want to check the vulnerability of my website in terms of people cracking userids + passwords. I can't find anything online about this online. Thanks, Dan

  4. only one ip can be scanned ???

  5. nice try to xss hack nub ;)

  6.  try to script some thing ehhehe epic FAIL
