XBRUTE – Hydra automated wizard

Hello everyone~

This is IRISnoir from Hackingarise. Bringing to you another one of our tutorials. This one is about how to use a hand-made hydra script.

That script is made by me. I feel proud as this is the first ever script that I ever made and share. And as it is my first script that I crafted, the code may look bad, so don’t focus on that and criticise me. Just focus on its functionality. This is the GitHub link to my tool. I hope you can enjoy it as much as I enjoy making it.

Now, what you need to pre-install are:
git to clone the tool into your folder
python to execute the tool as its language is Python after all

Once you get that all o’ those bad bois installed, it’s time for the real deal.

First, clone the tool via:
git clone https://github.com/IRISnoir/xbrute

Then, you may execute the tool with:
python xbrute/xbrute.py

Then it will install 2 more tools: hydra(obviously), and toilet(for the fancy splash message)

Now, fill in the information like you’re being interrogated or interviewed. This includes server name, user login, protocol and port, etc.. I tried to make it as user-friendly as possible.

Remember, the * at the start of each question means that it must be filled in like the server name, protocol type, and more… Others can either be left blank or will have a default value just like the decision to write your successful cracks into a file.

When you reach the part where it asks for a bruting method, this question fits most: What is the difference between hydra-wizard and your tool, xbrute?
The answer is simple, it uses the technique where it DOESN’T require a password list. It can automate cracking and make it easier.

At option [1]: You can brute with random characters of the minimum and maximum length of your choice. The chance of this successing is less than 10% but there is ALWAYS a chance, however small it is, that you can crack open an account. If you provide a file as login for mass bruteforce, it will become wild and give you a better chance at breaking at least 1 login. If the password is in there, of course.

Now, onto option [2]: Now, this is the overpowered part of the whole script. All you need is the patience. Well, the password has to be all numbers and has to start with a ‘1’ or above. If the conditions meet, the chance of success will be 100%. You just need to wait. Very cool and overpowered, I know.

Almost there, we have option number [3]: This is like option [1] and [2] combined. This is a total wildcard just like [1]. And it’s a number generator, just like [2]. It’s self explanatory. It’s basically a gamble. You can gamble with time. You can either get faster cracking with luck of course. But in return, if you get extremely unlucky, then the time wasted will be even longer than using option [2].

Finally, option [4] is the standard file specification that Hydra uses. Where you download a wordlist and use it on your logins. Downloading a wordlist is feasible. The probability of success depends. Just like old times. This is the only option that requires good storage.

And there you go, you are pretty much good. It is user-friendly and you just answer question instead of typing the command out.

DISCLAIMER: Do NOT engage in illegal activities as Hackingarise is NEVER responsible for any of your malicious acts or any trouble you get yourself into. So stay safe, stay ethical. Have a nice day.

You can check more about Hydra here.

pentester

Leave a Reply

Your email address will not be published. Required fields are marked *