Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Hydra Help

From: xyberpix <xyberpix () xyberpix com>
Date: Wed, 7 Apr 2010 08:45:28 +0100
Try using

hydra -l username -p password(text) -o output.txt -v -V xxx.xxx.xxx.xxx service smtp-auth

or 

hydra -l username -p password(text) -o output.txt -v -V xxx.xxx.xxx.xxx service smtp-auth -ntlm

xyberpix

On 3 Apr 2010, at 14:47, maash.rajani () gmail com wrote:


I just started using Hydra. Got a successful authentication over a pop3 service.

Trying the same username and password over the smtp service using hydra's "smtp-auth" module.

My understanding was hydra can try dictionary attack over an smtp service which uses NTLM hashing, my enumerationg 
results over the listening smtp confirms that it uses NTLM authen type.



Yet using Hydra gives me the following results:



command: hydra -l username -p password(text) -o output.txt -v -V xxx.xxx.xxx.xxx



Output Error: SMTP AUTH LOGIN error: 504 5.7.4 unrecognized authentication type 

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------




------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: