?
Solved

Hydra Command line , Question

Posted on 2013-01-28
2
Medium Priority
?
2,684 Views
Last Modified: 2013-01-29
Hello Expert,
I have been attempting to use Hydra-THC for the past few days to scan for Exposed Microsoft SQL databases on our network.  I am using 3 different .txt files (username, passwords, and iplist files) in the following syntax agreement “  >hydra –L  usernames.txt  -P  passwords.txt  -M  iplist.txt  -e ns  -v  mssql ”.  to scan for databases. Instead of getting brute Force attempts I get error messages. Does anybody have idea what I may be doing wrong….. I running Hydra on WinXP SP3 machine w/all the latest updates
Error Message
C:\Documents and Settings\User\Desktop\hydra-7.3-windows\hydra-7.3>hydra -L
usernames.txt -P dic.txt -t 1 -e ns -M iplist.txt mssql
Hydra v7.3 (c)2012 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2013-01-28 11:53:27
[WARNING] Restorefile (./hydra.restore) from a previous session found, to preven
t overwriting, you have 10 seconds to abort...
[DATA] 1 task, 13 servers, 554933 login tries (l:19/p:29207), ~7214129 tries per
 task
[DATA] attacking service mssql on port 1433
Child with pid 2568 terminating, can not connect
Child with pid 5900 terminating, can not connect
Child with pid Child with pid 55802212 terminating, can not conn
ect terminating, can not connect
Child with pid Child with pid 36325088 terminating, can not conn
ect terminating, can not connect

Child with pid 1760 terminating, can not connect
Child with pid 5128 terminating, can not connect
Child with pid 2252 terminating, can not connect
Child with pid 2408 terminating, can not connect
Child with pid Child with pid Child with pid 60525880298
4 terminating, can not connect
 terminating, can not connect terminating, can not connect
Child with pid 5428 terminating, can not connect
Child with pid 2544 terminating, can not connect
Child with pid 4660 terminating, can not connect
Child with pid 2064 terminating, can not connect
Child with pid 4420 terminating, can not connect
Child with pid 5416 Child with pid Child with pid  termin
ating, can not connect54442808 terminating, can not connect
 terminating, can not connect
Child with pid 3152 terminating, can not connect
Child with pid 3232 terminating, can not connect
Child with pid 3580 terminating, can not connect
0
Comment
Question by:amstoots
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 64

Accepted Solution

by:
btan earned 2000 total points
ID: 38830975
it looks like part of the error msg as depicted in hydra codes in mssql func.
https://github.com/ggd543/hydra/blob/master/hydra-5.9-src/hydra-mssql.c

E.g. hydra_report(stderr, "Error: Child with pid %d terminating, can not connect\n", (int) getpid());

The PID is referring to the socket threads it spawn off to get connection open to mssql ports. The threads on attempts to perform these commands failed and leading to the a./m msg

sock = hydra_connect_tcp(ip, myport);
OR
sock = hydra_connect_ssl(ip, mysslport);

I was suspecting that if we just use single IP address on that same MSSQL server DB instance, it is failing as well. If so, then MS SQL may be having some authentication configured into it such as Windows Auth (kerberos) which is default or simple DB cred login which is supposed to be what Hydra is testing against...
0
 

Author Closing Comment

by:amstoots
ID: 38831241
Ok,  that makes sense -  thanks for the help...
0

Featured Post

Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question