Solved

Hydra Command line, Question

Posted on 2013-01-28
Last Modified: 2013-01-29
Hello Expert,
I have been attempting to use Hydra-THC for the past few days to scan for exposed Microsoft SQL databases on our network. I am using 3 different .txt files (username, passwords, and iplist files) in the following syntax agreement "hydra -L usernames.txt -P passwords.txt -M iplist.txt -e ns -v mssql" to scan for databases. Instead of getting brute-force attempts I get error messages. Does anybody have any idea what I may be doing wrong? I am running Hydra on a WinXP SP3 machine with all the latest updates.
Error Message
C:\Documents and Settings\User\Desktop\hydra-7.3-windows\hydra-7.3>hydra -L usernames.txt -P dic.txt -t 1 -e ns -M iplist.txt mssql
Hydra v7.3 (c)2012 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2013-01-28 11:53:27
[WARNING] Restorefile (./hydra.restore) from a previous session found, to prevent overwriting, you have 10 seconds to abort...
[DATA] 1 task, 13 servers, 554933 login tries (l:19/p:29207), ~7214129 tries per task
[DATA] attacking service mssql on port 1433
Child with pid 2568 terminating, can not connect
Child with pid 5900 terminating, can not connect
Child with pid Child with pid 55802212 terminating, can not conn
ect terminating, can not connect
Child with pid Child with pid 36325088 terminating, can not conn
ect terminating, can not connect

Child with pid 1760 terminating, can not connect
Child with pid 5128 terminating, can not connect
Child with pid 2252 terminating, can not connect
Child with pid 2408 terminating, can not connect
Child with pid Child with pid Child with pid 60525880298
4 terminating, can not connect
 terminating, can not connect terminating, can not connect
Child with pid 5428 terminating, can not connect
Child with pid 2544 terminating, can not connect
Child with pid 4660 terminating, can not connect
Child with pid 2064 terminating, can not connect
Child with pid 4420 terminating, can not connect
Child with pid 5416 Child with pid Child with pid  termin
ating, can not connect54442808 terminating, can not connect
 terminating, can not connect
Child with pid 3152 terminating, can not connect
Child with pid 3232 terminating, can not connect
Child with pid 3580 terminating, can not connect
Question by:amstoots
2 Comments
 
Accepted Solution

by:
btan earned 500 total points
ID: 38830975
It looks like part of the error message as depicted in the Hydra code in the mssql function.
https://github.com/ggd543/hydra/blob/master/hydra-5.9-src/hydra-mssql.c

E.g. hydra_report(stderr, "Error: Child with pid %d terminating, can not connect\n", (int) getpid());

The PID refers to the socket threads it spawns off to open connections to the MSSQL ports. The threads' attempts to perform these commands failed, leading to the above-mentioned message:

sock = hydra_connect_tcp(ip, myport);
OR
sock = hydra_connect_ssl(ip, mysslport);

I suspect that if we just use a single IP address on that same MSSQL server DB instance, it fails as well. If so, then MS SQL may have some authentication configured on it, such as Windows Auth (Kerberos), which is the default, or simple DB credential login, which is supposed to be what Hydra is testing against...
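An added example, not part of the original answer or of Hydra's code: a pre-check that classifies why a TCP connect to port 1433 fails for each host in a list, so hosts that would only yield the "can not connect" message are told apart from those with a listener. The function names and the one-host-per-line list format are assumptions.

```python
import errno
import socket

MSSQL_PORT = 1433  # default instance port, as shown in the Hydra output above


def probe(host, port=MSSQL_PORT, timeout=3.0):
    """Try one TCP connect and report why it failed, if it did."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return "filtered-or-down"  # no answer: firewall drop or host offline
    except ConnectionRefusedError:
        return "closed"            # host is up, nothing listens on this port
    except socket.gaierror:
        return "bad-address"       # entry in the list does not resolve
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"   # routing problem between auditor and host
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))


def load_targets(text):
    """Parse list text (assumed format: one host per line, blanks ignored)."""
    return [line.strip() for line in text.splitlines() if line.strip()]


def triage(targets, port=MSSQL_PORT, timeout=3.0):
    """Map each host to its probe result so dead entries can be reviewed."""
    return {host: probe(host, port, timeout) for host in targets}


if __name__ == "__main__":
    # Constructed sample list: loopback plus a TEST-NET-1 documentation address.
    sample = "127.0.0.1\n\n192.0.2.10\n"
    for host, state in triage(load_targets(sample), timeout=1.0).items():
        print(f"{host}:{MSSQL_PORT} {state}")
```

A "closed" or "filtered-or-down" result on 1433 does not rule out SQL Server on that host: named instances usually listen on a dynamic port announced by the SQL Server Browser service on UDP 1434.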
 

Author Closing Comment

by:amstoots
ID: 38831241
Ok,  that makes sense -  thanks for the help...