The Hydra application will scan a range of IP addresses and identify any open shares from open port 139. Open shares are shares without passwords assigned to them, of which the majority allows anyone to copy, move, delete, and quite often add to the share. Not all shares are left unprotected and Hydra has the ability to brute-force its way into the share given a username and password list combination.
From the directory containing the compressed Hydra files type tar –zxvf hydra-5.0-src.tar.gz.
The files will uncompress into a new directory named hydra-5.0-src. Change to the new directory by typing cd hydra-5.0-src and pressing Enter.
Hydra needs to be compiled for the specific machine it is on. This is done by typing ./configure. Hydra will compile to the specific machine. The next step is to create Hydra by typing the make command.
The make command will execute and attempt to create the xhydra for Linux X. To start Hydra in X type:
Change the Single target to the new target. Change the Port from Cisco to 139. (After all, we are looking for SMB Shares). Select the Show Attempts and Be Verbose options.
Select the Passwords tab and Change the Username. Change the password to either a specific password for the account or to a password file. There are applications designed to create password files, but if you need to create one manually simply create a text file in the directory containing Hydra with passwords containing one password per line.
Click Start. The results will be displayed. Hydra will attempt each password from the password file for the username given. If the correct password is in the file, Hydra will let you know. In this example, the password for the username kermit is 123.
Now our next step will be to create a directory that Linux can associate with the target’s share by typing:
mkdir hackerNext is to mount the shared directory on the target. You can find out the share name (Personal) using the LANguard application.
Type in the username for the share.
Type in the password for the share. Verify that the Linux machine can view the contents of the target’s shared folder.
By looking at the shared directory on the target we can verify that the Linux machine is actually looking at the contents of the share on the target.
If xhydra will not install on your version of Linux. In this case, you would type:
./hydra 172.16.1.40 smb –s 139 –v –V –l kermit –P passwordlist1 –t 36
The results from the command line are identical to the xhydra.*Note: There are literally thousands of open shares existing on the Internet, and thousands of those are left unprotected unintentionally. One of the biggest reasons for this is that the owner is not educated in the area of security and is dependent upon his or her ISP or even the router “out-of-the-box” for their security needs.
If you like this post and want us to post similar articles, Pls give us a feedback and leave a comment here.