Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Hydra Command line , Question

Posted on 2013-01-28
2
Medium Priority
?
2,860 Views
Last Modified: 2013-01-29
Hello Expert,
I have been attempting to use Hydra-THC for the past few days to scan for Exposed Microsoft SQL databases on our network.  I am using 3 different .txt files (username, passwords, and iplist files) in the following syntax agreement “  >hydra –L  usernames.txt  -P  passwords.txt  -M  iplist.txt  -e ns  -v  mssql ”.  to scan for databases. Instead of getting brute Force attempts I get error messages. Does anybody have idea what I may be doing wrong….. I running Hydra on WinXP SP3 machine w/all the latest updates
Error Message
C:\Documents and Settings\User\Desktop\hydra-7.3-windows\hydra-7.3>hydra -L
usernames.txt -P dic.txt -t 1 -e ns -M iplist.txt mssql
Hydra v7.3 (c)2012 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2013-01-28 11:53:27
[WARNING] Restorefile (./hydra.restore) from a previous session found, to preven
t overwriting, you have 10 seconds to abort...
[DATA] 1 task, 13 servers, 554933 login tries (l:19/p:29207), ~7214129 tries per
 task
[DATA] attacking service mssql on port 1433
Child with pid 2568 terminating, can not connect
Child with pid 5900 terminating, can not connect
Child with pid Child with pid 55802212 terminating, can not conn
ect terminating, can not connect
Child with pid Child with pid 36325088 terminating, can not conn
ect terminating, can not connect

Child with pid 1760 terminating, can not connect
Child with pid 5128 terminating, can not connect
Child with pid 2252 terminating, can not connect
Child with pid 2408 terminating, can not connect
Child with pid Child with pid Child with pid 60525880298
4 terminating, can not connect
 terminating, can not connect terminating, can not connect
Child with pid 5428 terminating, can not connect
Child with pid 2544 terminating, can not connect
Child with pid 4660 terminating, can not connect
Child with pid 2064 terminating, can not connect
Child with pid 4420 terminating, can not connect
Child with pid 5416 Child with pid Child with pid  termin
ating, can not connect54442808 terminating, can not connect
 terminating, can not connect
Child with pid 3152 terminating, can not connect
Child with pid 3232 terminating, can not connect
Child with pid 3580 terminating, can not connect
0
Comment
Question by:Mike
2 Comments
 
LVL 65

Accepted Solution

by:
btan earned 2000 total points
ID: 38830975
it looks like part of the error msg as depicted in hydra codes in mssql func.
https://github.com/ggd543/hydra/blob/master/hydra-5.9-src/hydra-mssql.c

E.g. hydra_report(stderr, "Error: Child with pid %d terminating, can not connect\n", (int) getpid());

The PID is referring to the socket threads it spawn off to get connection open to mssql ports. The threads on attempts to perform these commands failed and leading to the a./m msg

sock = hydra_connect_tcp(ip, myport);
OR
sock = hydra_connect_ssl(ip, mysslport);

I was suspecting that if we just use single IP address on that same MSSQL server DB instance, it is failing as well. If so, then MS SQL may be having some authentication configured into it such as Windows Auth (kerberos) which is default or simple DB cred login which is supposed to be what Hydra is testing against...
0
 

Author Closing Comment

by:Mike
ID: 38831241
Ok,  that makes sense -  thanks for the help...
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A new hacking trick has emerged leveraging your own helpdesk or support ticketing tools as an easy way to distribute malware.
Phishing emails are a popular malware delivery vehicle for attack.  While there are many ways for an attacker to increase the chances of success for their phishing emails, one of the most effective methods involves spoofing the message to appear to …
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

579 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question