Hydra - How does it work?

The constant threat: viruses, trojans, spyware, ... the list goes on

Hydra - How does it work?

Post by RalphRalph3 on Sat Jan 21, 2017 5:03 pm
([msg=93339]see Hydra - How does it work?[/msg])

I came across the brute force hacking tool "Hydra" and i was wondering how it worked, because if you simply type in 10 incorrect passwords most login systems will lock you out.

Hydra is able to try many passwords against one account without getting locked out, how is it able to do this?

Many thanks
RalphRalph3
New User
New User
 
Posts: 2
Joined: Wed Jan 11, 2017 2:36 pm
Blog: View Blog (0)


Re: Hydra - How does it work?

Post by Diggersby on Sat Jan 21, 2017 6:23 pm
([msg=93340]see Re: Hydra - How does it work?[/msg])

A good question. A quick google search found this link, which states the following:

Website wrote: There are several ways a system admin or network engineer can defend against brute force attacks. Here are a few methods. If you can think of any others, or disagree with the below, let us know in the comment below!

Disable or block access to accounts when a predetermined number of failed authentication attempts has been reached.


So, in reality, the authentication attempt number IS a defense against anyone who tries to brute force the password by interacting with the website directly.
The trick is to nab the user database's list of password hashes. If you have all the hashes on your computer, you can hash passwords as long as you like and compare them to the list.
Or if you have rainbow tables (lists of already hashed passwords), you can compare even faster (at the cost of storage space. Rainbow tables tend to be big).
Last edited by Diggersby on Sat Jan 21, 2017 6:30 pm, edited 1 time in total.
Diggersby
New User
New User
 
Posts: 9
Joined: Mon Jan 16, 2017 3:17 pm
Blog: View Blog (0)


Re: Hydra - How does it work?

Post by RalphRalph3 on Sun Jan 22, 2017 8:03 am
([msg=93347]see Re: Hydra - How does it work?[/msg])

Thanks,

why don't more companies use this? i tried it against all of my own social networks and added the password at the end of 10000 passwords and it still found the password
RalphRalph3
New User
New User
 
Posts: 2
Joined: Wed Jan 11, 2017 2:36 pm
Blog: View Blog (0)



Return to Malware

Who is online

Users browsing this forum: No registered users and 0 guests