
				H Y D R A

			(c) 2001 by van Hauser / THC
	    <vh@reptile.rug.ac.be> http://www.hackerschoice.com


INTRODUCTION
------------
Number one of the biggest security holes are passwords, as every password
security study shows.
This tool is a proof of concept code, to give researchers and security
consultants the possiblity to show how easy it would be to gain unauthorized
access from remote to a system.
THIS TOOL IS FOR LEGAL PURPOSES ONLY!
FOR USING THIS TOOL COMMERCIALLY, SEE THE LICENCE FILE!

There are already several login hacker tools available, however none does
either support more than one protocol to attack or support parallized
connects.
Currently this tool supports TELNET, FTP, POP3, IMAP, HTTP basic and cisco
authentication only, however the module engine for new services is very easy
so it won't take a long time until more services are supported.
Planned are: SSH, SAMBA, PCNFS, R-services, and more.
Additionally, password only protocols will be supported in the future:
SNMP, RIP, OSPF and others.


HOW TO USE
----------
Type "make" to compile hydra and then "./hydra -h" to see the commandline
options.
Note that NO login/password file is included yet. Generate one yourself.


SPEED
-----
through the parallizing feature, this password cracker tool can be very
fast, however it depends on the protocol. The fastest is generally POP3,
then FTP, then Telnet, and the least IMAP.
Experiment with the task option (-t) to speed thinks up! The higher - the
faster ;-) (but too high, and it disables the service)
To prevent disabling you can now use the -g option for "slow-starts".


STATISTICS
----------
Run against a SuSE Linux 7.2 on localhost with a "-C FILE" containing
295 entries (294 tries invalid logins, 1 valid).

			P A R A L L E L    T A S K S
SERVICE	1	4	8	16	32	50	64	100	128
------- --------------------------------------------------------------------
telnet	23:20	5:58	2:58	1:34	1:05	0:33	0:45*	0:25*	0:55*
ftp	45:54	11:51	5:54	3:06	1:25	0:58	0:46	0:29	0:32
pop3	92:10	27:16	13:56	6:42	2:55	1:57	1:24	1:14	0:50
imap	31:05	7:41	3:51	1:58	1:01	0:39	0:32	0:25	0:21

(*)
Note: telnet timings can be VERY different for 64 to 128 tasks! e.g. with
128 tasks, running four times resulted in timings between 28 and 97 seconds!
The reason for this is unknown...

guesses per task (rounded up):
	295	74	38	19	10	6	5	3	3

guesses possible per connect (depends on the server software and config):
	telnet	4
	ftp	6
	pop3	1
	imap	3


BUGS & FEATURES
---------------
Email me if you find bugs or if you have written a new module.
vh@reptile.rug.ac.be
