Solved

Hydra Command line , Question

Posted on 2013-01-28
2
2,626 Views
Last Modified: 2013-01-29
Hello Expert,
I have been attempting to use Hydra-THC for the past few days to scan for Exposed Microsoft SQL databases on our network.  I am using 3 different .txt files (username, passwords, and iplist files) in the following syntax agreement “  >hydra –L  usernames.txt  -P  passwords.txt  -M  iplist.txt  -e ns  -v  mssql ”.  to scan for databases. Instead of getting brute Force attempts I get error messages. Does anybody have idea what I may be doing wrong….. I running Hydra on WinXP SP3 machine w/all the latest updates
Error Message
C:\Documents and Settings\User\Desktop\hydra-7.3-windows\hydra-7.3>hydra -L
usernames.txt -P dic.txt -t 1 -e ns -M iplist.txt mssql
Hydra v7.3 (c)2012 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2013-01-28 11:53:27
[WARNING] Restorefile (./hydra.restore) from a previous session found, to preven
t overwriting, you have 10 seconds to abort...
[DATA] 1 task, 13 servers, 554933 login tries (l:19/p:29207), ~7214129 tries per
 task
[DATA] attacking service mssql on port 1433
Child with pid 2568 terminating, can not connect
Child with pid 5900 terminating, can not connect
Child with pid Child with pid 55802212 terminating, can not conn
ect terminating, can not connect
Child with pid Child with pid 36325088 terminating, can not conn
ect terminating, can not connect

Child with pid 1760 terminating, can not connect
Child with pid 5128 terminating, can not connect
Child with pid 2252 terminating, can not connect
Child with pid 2408 terminating, can not connect
Child with pid Child with pid Child with pid 60525880298
4 terminating, can not connect
 terminating, can not connect terminating, can not connect
Child with pid 5428 terminating, can not connect
Child with pid 2544 terminating, can not connect
Child with pid 4660 terminating, can not connect
Child with pid 2064 terminating, can not connect
Child with pid 4420 terminating, can not connect
Child with pid 5416 Child with pid Child with pid  termin
ating, can not connect54442808 terminating, can not connect
 terminating, can not connect
Child with pid 3152 terminating, can not connect
Child with pid 3232 terminating, can not connect
Child with pid 3580 terminating, can not connect
0
Comment
Question by:amstoots
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 64

Accepted Solution

by:
btan earned 500 total points
ID: 38830975
it looks like part of the error msg as depicted in hydra codes in mssql func.
https://github.com/ggd543/hydra/blob/master/hydra-5.9-src/hydra-mssql.c

E.g. hydra_report(stderr, "Error: Child with pid %d terminating, can not connect\n", (int) getpid());

The PID is referring to the socket threads it spawn off to get connection open to mssql ports. The threads on attempts to perform these commands failed and leading to the a./m msg

sock = hydra_connect_tcp(ip, myport);
OR
sock = hydra_connect_ssl(ip, mysslport);

I was suspecting that if we just use single IP address on that same MSSQL server DB instance, it is failing as well. If so, then MS SQL may be having some authentication configured into it such as Windows Auth (kerberos) which is default or simple DB cred login which is supposed to be what Hydra is testing against...
0
 

Author Closing Comment

by:amstoots
ID: 38831241
Ok,  that makes sense -  thanks for the help...
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question