{"id":2872,"date":"2016-06-27T01:42:22","date_gmt":"2016-06-27T01:42:22","guid":{"rendered":"http:\/\/www.pir8geek.com\/?p=2872"},"modified":"2016-06-27T01:42:22","modified_gmt":"2016-06-27T01:42:22","slug":"thc-hydra-8-2-released","status":"publish","type":"post","link":"https:\/\/www.jameseduard.com\/?p=2872","title":{"rendered":"THC-Hydra 8.2 Released"},"content":{"rendered":"<p>When you need to brute force crack a remote authentication service, <strong>Hydra<\/strong> is often the tool of choice. It can perform rapid dictionary attacks against more than 50 protocols, including telnet, ftp, http, https, smb, several databases, and much more. Like <a class=\"local\" href=\"http:\/\/sectools.org\/tool\/amap\/\">THC Amap<\/a> this release is from the fine folks at <a href=\"http:\/\/www.thc.org\/\">THC<\/a>. Other online crackers are <a class=\"local\" href=\"http:\/\/sectools.org\/tool\/medusa\/\">Medusa<\/a> and <a href=\"http:\/\/nmap.org\/ncrack\/\">Ncrack<\/a>. The <a href=\"http:\/\/nmap.org\/\">Nmap Security Scanner<\/a> also contains <a href=\"http:\/\/nmap.org\/nsedoc\/categories\/brute.html\">many online brute force password cracking modules<\/a>.<br \/>\n<strong>News and Changelog\u00a0on Hydra 8.2<\/strong><\/p>\n<ul>\n<li>Added RTSP module, thanks to jjavi89 for supplying!<\/li>\n<li>\u00a0Added patch for ssh that fixes hyra stopping to connect, thanks to ShantonRU for the patch<\/li>\n<li>\u00a0Added new -O option to hydra to support SSL servers that do not suport TLS<\/li>\n<li>\u00a0Added xhydra gtk patche by Petar Kaleychev to support modules that do not use usernames<\/li>\n<li>\u00a0Added patch to redis for initial service checking by Petar Kaleychev &#8211; thanks a lot!<\/li>\n<li>\u00a0Added support in hydra-http for http-post (content length 0)<\/li>\n<li>\u00a0Fixed important bug in http-*:\/\/server\/url command line processing<\/li>\n<li>\u00a0Added SSL SNI support<\/li>\n<li>\u00a0Fixed bug in HTTP Form redirection following &#8211; thanks for everyone who reported and especially to Hayden Young for setting up a test page for debugging<\/li>\n<li>\u00a0Better library finding in .\/configure for SVN + support for Darwin Homebrew (and further enhanced)<\/li>\n<li>\u00a0Fixed http-form module crash that only occurs on *BSD\/OSX systems. Thanks to zdk for reporting!<\/li>\n<li>\u00a0Fixed for SSL connection to support TLSv1.2 etc.<\/li>\n<li>\u00a0Support for different RSA keylengths, thanks to fann95 for the patch<\/li>\n<li>\u00a0Fixed a bug where the cisco-enable module was not working with the password-only logon mode<\/li>\n<li>\u00a0Fixed an out of memory bug in http-form<\/li>\n<li>\u00a0Fixed imap PLAIN method<\/li>\n<li>\u00a0Fixed -x option to bail if it would generate too many passwords (more than 4 billion)<\/li>\n<li>\u00a0Added warning if HYDRA_PROXY_CONNECT environment is detected, that is an outdated settingAdded &#8211;fhs switch to configure (for Linux distribution usage)<\/li>\n<\/ul>\n<p>Where to Download hydra:<br \/>\nYou can always find the newest release\/production version of hydra at its<br \/>\nproject page at https:\/\/www.thc.org\/thc-hydra<br \/>\nIf you are interested in the current development state, the public development<br \/>\nrepository is at Github:<\/p>\n<pre>  svn co https:\/\/github.com\/vanhauser-thc\/thc-hydra\n<\/pre>\n<pre>  git clone https:\/\/github.com\/vanhauser-thc\/thc-hydra.git\n<\/pre>\n<p>Note:<br \/>\nUse the development version at your own risk. It contains new features and<br \/>\nnew bugs. Things might not work!<br \/>\n&nbsp;<br \/>\nHow to Compile Hydra:<br \/>\nTo configure, compile and install hydra, just type:<\/p>\n<pre>.\/configure\nmake\nmake install\n<\/pre>\n<p>If you want the ssh module, you have to setup libssh (not libssh2!) on your<br \/>\nsystem, get it from <a href=\"http:\/\/www.libssh.org\" target=\"_blank\" rel=\"noopener noreferrer\">http:\/\/www.libssh.org<\/a>, for ssh v1 support you also need<br \/>\nto add &#8220;-DWITH_SSH1=On&#8221; option in the cmake command line.<br \/>\nIf you use Ubuntu\/Debian, this will install supplementary libraries needed<br \/>\nfor a few optional modules:\\<\/p>\n<pre> apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \\\n                 libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \\\n                 firebird2.1-dev libncp-dev\n<\/pre>\n<p>This enables all optional modules and features with the exception of Oracle,<br \/>\nSAP R\/3 and the apple filing protocol &#8211; which you will need to download and<br \/>\ninstall from the vendor&#8217;s web sites.<br \/>\n<strong>Supported Platforms:<\/strong><\/p>\n<ul>\n<li>All UNIX platforms (linux, *bsd, solaris, etc.)<\/li>\n<li>Mac OS\/X<\/li>\n<li>Windows with Cygwin (both IPv4 and IPv6)<\/li>\n<li>Mobile systems based on Linux, Mac OS\/X or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq)<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/github.com\/vanhauser-thc\/thc-hydra\">Download at Github<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>When you need to brute force crack a remote authentication service, Hydra is often the tool of choice. It can perform rapid dictionary attacks against more than 50 protocols, including telnet, ftp, http, https, smb, several databases, and much more. Like THC Amap this release is from the fine folks at THC. Other online crackers<\/p>\n","protected":false},"author":1,"featured_media":2873,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[162,318,705,278],"tags":[703,704],"class_list":["post-2872","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-information-gathering","category-password-attacks","category-security-scanner","category-web-application","tag-hydra","tag-password-cracking"],"_links":{"self":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/posts\/2872","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2872"}],"version-history":[{"count":0,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/posts\/2872\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2872"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2872"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2872"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}