wpscanteam / wpscan

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com
https://wpscan.com/wordpress-cli-scanner

How to speed up brute force? #880

Closed New3ky closed 8 years ago

New3ky commented 8 years ago

So I'm just trying out WPscan and it looks pretty cool so far.

I'm using this string:

ruby wpscan.rb --url www.thisisanurlexample.com --wordlist /root/rockyou.txt --username admin --threads 25

The rockyou.txt file is very large and it's taking a long time to get through.

Time: 01:34:54 < > (9520 / 14344392) 0.06%

At this rate it will take 2,500 hours to get through the rockyou.txt

Is there any way to speed this up?

Thanks

erwanlr commented 8 years ago

First it depends on the connection between the target and you.

By the looks of it, 10k attempts in 1h30 is pretty slow. So either you have a slow connection or your target is slow to respond (which may be caused by a security plugin on the blog).

Then, I would use a dedicated password attack tool such as Hydra, have a look at https://gist.github.com/erwanlr/a7a7fd0958b2bdee0aab

New3ky commented 8 years ago

I'm trying it out on digital ocean VPS

512MB Memory 1 Core Processor 20GB SSD Disk 1TB Transfer

What do you think?

New3ky commented 8 years ago

Hi erwanlr thanks for helping. I'm giving Hydra a go on my Wordpress site, does this string look ok?

hydra -L /root/uname.txt -P /root/500-worst-passwords.txt domain.com http-get-form "/wp-login.php:log=^USER^&pwd=^PASS^:ERROR"

For some reason I get this message

1 of 1 target successfully completed, 12 valid passwords found

I don't have 12 passwords and none of the 12 are actually my password so I must have messed up somewhere.

erwanlr commented 8 years ago

Nope, it's not ^^

First of all, you are trying to do GET requests to the login form, which won't work. You should use http-form-post as mentioned in the document I linked in my post above.

Furthermore, when you are trying a new tool or have an issue with one, using a proxy to see what requests are made will help you solve problems. Assuming you have a proxy such as Burp Suite running on http://127.0.0.1:8080, you can do the following to use it: export HYDRA_PROXY_HTTP=http://127.0.0.1:8080 in a terminal (and unset HYDRA_PROXY_HTTP to not use it any more), then use hydra normally (hydra -l admin -p admin etc.) and you should see something like [INFO] Using HTTP Proxy: http://127.0.0.1:8080 at the top.

Then, you use a failure condition, i.e. responses that do not contain 'ERROR' will be assumed to be a valid USER/PASS combination. If you combine this with the fact that you use http-get-form, it explains why you have 12 passwords found ;D.

I would recommend you use a success condition string like I suggested in the document at https://gist.github.com/erwanlr/a7a7fd0958b2bdee0aab as it will reduce the false positives (I even give the exact string to use, easy peasy :o)
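The same signal that the success condition above relies on (a successful wp-login.php POST answers with a redirect to /wp-admin/, a failed one re-renders the form with status 200) is what a site owner can watch for from the other side. The following is an added example, not code from WPScan, Hydra or anyone in this thread: it parses access-log lines in the Apache/nginx "combined" format, counts POSTs to /wp-login.php per source address in a sliding window, and flags an address whose burst of 200s is followed by a 302, which is the status-code view of that /wp-admin/ redirect and the case a defender most wants to know about. The log lines, the IP addresses, the window and the threshold are all constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# "combined" log format; only the fields the detector needs are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def _line(ip, ts, method, status):
    """Build one constructed log line (sample data, not real traffic)."""
    stamp = ts.strftime("%d/%b/%Y:%H:%M:%S +0000")
    return f'{ip} - - [{stamp}] "{method} /wp-login.php HTTP/1.1" {status} 4321 "-" "Mozilla/5.0"'


# Constructed sample: 203.0.113.7 fires 12 failed POSTs (status 200, WordPress
# redraws the form) in six seconds, then one POST answered with 302 (the
# redirect to /wp-admin/ that follows a successful login). 198.51.100.9 is a
# normal user: one GET of the form and a single successful POST a minute later.
_T0 = datetime(2023, 10, 10, 13, 55, 0, tzinfo=timezone.utc)
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", _T0 + timedelta(seconds=i // 2), "POST", 200) for i in range(12)]
    + [_line("203.0.113.7", _T0 + timedelta(seconds=7), "POST", 302)]
    + [_line("198.51.100.9", _T0 + timedelta(seconds=3), "GET", 200),
       _line("198.51.100.9", _T0 + timedelta(seconds=65), "POST", 302)]
)


def analyze(log_text, window_seconds=60, threshold=10):
    """Flag sources that POST to wp-login.php more than `threshold` times in
    any `window_seconds` window, and those whose burst ends in a 302."""
    events = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than crash the detector
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%d/%b/%Y:%H:%M:%S %z")
        events.append(e)
    events.sort(key=lambda e: e["ts"])  # logs are usually ordered, but make sure

    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> timestamps of POSTs still inside the window
    peak = defaultdict(int)       # ip -> highest count seen in any window
    bursting = set()
    success_after_burst = []

    for e in events:
        # Only login submissions count; GETs of the form are normal browsing.
        if e["method"] != "POST" or e["path"].split("?")[0] != "/wp-login.php":
            continue
        q = recent[e["ip"]]
        q.append(e["ts"])
        while e["ts"] - q[0] > window:
            q.popleft()
        peak[e["ip"]] = max(peak[e["ip"]], len(q))
        if len(q) >= threshold:
            bursting.add(e["ip"])
        # A redirect right after a burst of failures is the high-value alert:
        # the guessing most likely succeeded.
        if e["status"] == "302" and e["ip"] in bursting and e["ip"] not in success_after_burst:
            success_after_burst.append(e["ip"])

    return {
        "peak_post_rate": dict(peak),
        "bursting": sorted(bursting),
        "success_after_burst": success_after_burst,
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A 302 on its own is just a login, so the example only escalates it when the same address has already crossed the burst threshold; in practice the threshold and window are tuned to the site's normal login volume, and the cleaner source for the same event is the wp_login_failed hook inside WordPress rather than the web server log.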

New3ky commented 8 years ago

Ok, I've been trying but I'm not too clear on where to add the success string. Does this look ok, and yes I'm a noob.

hydra -l admin -P /root/500-worst-passwords.txt www.thissite.com http-form-post "/wp-login.php:log=^USER^&pwd=^PASS^:S=Location: .*/wp-admin/

erwanlr commented 8 years ago

Yes, the success string is in the right place (just make sure that the ':' after the 'Location' is escaped with a backslash '\', otherwise hydra will go nuts xD)

Now, to see if it works correctly, I usually provide valid and invalid credentials to make sure that Hydra processes them correctly.

For example, in my lab, the admin account password is admin (:o), so I run hydra -l admin -p admin [etc] and hydra should detect it as valid, then I try hydra -l admin -p whatever and hydra should not report a valid combination.

Alternatively, you can provide a list (hydra -P option) containing a valid password and see if Hydra correctly detects it.

giggioman00 commented 8 years ago

Hi, I have the same problem as the OP using Hydra. I installed a test WordPress site. The admin username is 'testwordpress99' and the admin password is '3'.

So the password is very easy. In hydra I use this command:

hydra -l testwordpress99 -p 3 mysite.com http-form-post "/wp-login.php:log=^USER^&pwd=^PASS^:S=Location: .*/wp-admin/

and in this screenshot you can see the result: http://s15.postimg.org/ef8pjxmaj/hydra.jpg

Why does it give me 0 valid passwords found, if I put in the right password? If I try to log in by browser with this username and password, I log in correctly.

Could you help me, please? Thank you.

erwanlr commented 8 years ago

3 potential things that I see:

erwanlr commented 8 years ago

Also, you might need to use the -d option (debug) to see if the requests & responses are correct.

giggioman00 commented 8 years ago

Hi. If I close the double quote I get the same problem. If I try to use 8.1 I get the same problem. If I try to use the -d option for debug I get a different problem: the job doesn't start, it gives me information about how to use hydra.

Now I'm downloading Kali linux

erwanlr commented 8 years ago

If I try to use the -d option for debug I get a different problem. The job doesn't start, it gives me information about how to use hydra.

If I remember correctly, you have to put the -d option before the host (mysite.com here):

hydra -l testwordpress99 -p 3 -d mysite.com http-form-post "/wp-login.php:log=^USER^&pwd=^PASS^:S=Location\: .*/wp-admin/"

giggioman00 commented 8 years ago

In Kali linux it works correctly! Thank you!

4n0nh4ck3r commented 5 years ago

Hi there all friends, I am having the same problem. I started a test on hydra for FB hacking; it just tested for 2 minutes and ended, and no password pair was found. Also I really don't understand the way to write the script for it; tell me that too.

RaNdOm0313 commented 4 years ago

Hi there all friends, I am having the same problem. I started a test on hydra for FB hacking; it just tested for 2 minutes and ended, and no password pair was found. Also I really don't understand the way to write the script for it; tell me that too.

Ok sorry for the language but... Get the hell out of here kid, no joke.

sumitwalia007 commented 3 years ago

Hey guys, my hydra session is working perfectly fine, I have a pretty good connection, but still the attack takes too much time to complete. I was trying to do a THM machine, but it takes about 1-2 hours just to go through 10000 passwords. Is there any way to increase the threads of the whole process???