So first of all you need to download and install hydra-5.4.Google it.Its free and it doesn't have a graphical interface.You 'll have to use the command line.After you have downloaded it,you need to search for a wordlist.Search for 'wordlist.txt' on Google.It 'll be text file.Save it in your harddisk.Add more words or phone numbers to it if you want to.
The next thing to do is search for a vulnerable site.A site that allows anonymous login through ftp,can be vulnerable.Or if you know the admin login name you can brutefoce the site as demonstrated below.Lets say the admin login name is 'admin'.You can use a wordlist for admin names even.Open the command prompt and change to the directory where you downloaded hydra.Type the following
Hydra -l admin -P wordlist.txt -e ns -vV [ip address] ftp
where [ip address] is the IP address of the site.To know the ip address you can ping the site by typing the following at the cmd prompt
ping sitetobehacked.com
sitetobehacked is the name of the vulnerable site.You will see the ip address of the site.The wordlist should be in the same directory and if you wanna use a wordlist for username also,replace admin by a text file where you have saved the names.Back to our hydra program,after you type the above command,and hit enter,hydra will start bruteforcing the site and it will take few minutes depending on the length of your wordlist.As soon as the password matches with the correct password,the program will stop and you will see the real password.Use it to login to the site using ftp and then you can download and upload files to the server and view all confidential documents!
No comments:
Post a Comment