PDA

Просмотр полной версии : Hydra нашла пароль, но не подходит


borisyuminov
03.08.2015, 18:20
Заранее извиняюсь, если вопрос тупой. Но..

Есть сайт на Magento

напустил на него гидру.

(http, 80-й порт)

Гидра пишет, что успешно нашла пароли, но они не подходят ни к пользовательскому акку ни к админскому. Настораживает что как-то сильно много паролей она нашла валидных

Админка - по адресу сайт/index.php/admin

Вот лог гидры:


Hydra v7.6 (c)2013 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2015-08-03 11:17:44

[DATA] 1 task, 1 server, 1 login try (l:1/p:1), ~1 try per task

[DATA] attacking service http-head on port 80

[WARNING] http-head auth does not work with every server, better use http-get

[80][www] host: 64.xx.xx.xx login: yourname password: yourpass

Hydra v7.6 (c)2013 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2015-08-03 11:19:04

[DATA] 1 task, 1 server, 1 login try (l:1/p:1), ~1 try per task

[DATA] attacking service http-head on port 80

[WARNING] http-head auth does not work with every server, better use http-get

[80][www] host: 64.xx.xx.xx login: yourname password: admin

Hydra v7.6 (c)2013 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2015-08-03 11:19:34

[DATA] 1 task, 1 server, 1 login try (l:1/p:1), ~1 try per task

[DATA] attacking service http-head on port 80

[WARNING] http-head auth does not work with every server, better use http-get

[80][www] host: 64.xx.xx.xx login: admin password: admin

Hydra v7.6 (c)2013 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2015-08-03 11:20:33

[DATA] 128 tasks, 1 server, 500 login tries (l:1/p:500), ~3 tries per task

[DATA] attacking service http-head on port 80

[WARNING] http-head auth does not work with every server, better use http-get

[80][www] host: 64.xx.xx.xx login: admin password: 123456

[80][www] host: 64.xx.xx.xx login: admin password: pussy

[80][www] host: 64.xx.xx.xx login: admin password: mustang

[80][www] host: 64.xx.xx.xx login: admin password: george

0 login: admin password: superman

[80][www] host: 64.xx.xx.xx login: admin password: pepper

[80][www] host: 64.xx.xx.xx login: admin password: 111111

[80][www] host: 64.xx.xx.xx login: admin password: sparky

[80][www] host: 64.xx.xx.xx login: admin password: biteme

[80][www] host: 64.xx.xx.xx login: admin password: cameron

[80][www] host: 64.xx.xx.xx login: admin password: wizard

[80][www] host: 64.xx.xx.xx login: admin password: buster

[80][www] host: 64.xx.xx.xx login: admin password: tigger

Hydra v7.6 (c)2013 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2015-08-03 11:24:04

[DATA] 128 tasks, 1 server, 500 login tries (l:1/p:500), ~3 tries per task

[DATA] attacking service http-head on port 80

[WARNING] http-head auth does not work with every server, better use http-get

[80][www] host: 64.xx.xx.xx login: admin password: password

[80][www] host: 64.xx.xx.xx login: admin password: 123456

[80][www] host: 64.xx.xx.xx login: admin password: tigger

[80][www] host: 64.xx.xx.xx login: admin password: monkey

[80][www] host: 64.xx.xx.xx login: admin password: biteme

[80][www] host: 64.xx.xx.xx login: admin password: dakota

[80][www] host: 64.xx.xx.xx login: admin password: fuckyou

[80][www] host: 64.xx.xx.xx login: admin password: iceman

[80][www] host: 64.xx.xx.xx login: admin password: aaaaaa

[80][www] host: 64.xx.xx.xx login: admin password: daniel

[80][www] host: 64.xx.xx.xx login: admin password: sexy

[80][www] host: 64.xx.xx.xx login: admin password: buster

[80][www] host: 64.xx.xx.xx login: admin password: access

[80][www] host: 64.xx.xx.xx login: admin password: black

[80][www] host: 64.xx.xx.xx login: admin password: cameron

[80][www] host: 64.xx.xx.xx login: admin password: jackson

[80][www] host: 64.xx.xx.xx login: admin password: michelle

[80][www] host: 64.xx.xx.xx login: admin password: dick

[80][www] host: 64.xx.xx.xx login: admin password: nicole

[80][www] host: 64.xx.xx.xx login: admin password: patrick

[80][www] host: 64.xx.xx.xx login: admin password: sunshine

Hydra v7.6 (c)2013 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2015-08-03 11:24:26

[DATA] 128 tasks, 1 server, 500 login tries (l:1/p:500), ~3 tries per task

[DATA] attacking service http-head on port 80

[WARNING] http-head auth does not work with every server, better use http-get

[80][www] host: 64.xx.xx.xx login: admin password: password

[80][www] host: 64.xx.xx.xx login: admin password: pussy

[80][www] host: 64.xx.xx.xx login: admin password: mustang

[80][www] host: 64.xx.xx.xx login: admin password: pass

[80][www] host: 64.xx.xx.xx login: admin password: batman

[80][www] host: 64.xx.xx.xx login: admin password: access

[80][www] host: 64.xx.xx.xx login: admin password: taylor

[80][www] host: 64.xx.xx.xx login: admin password: asshole

[80][www] host: 64.xx.xx.xx login: admin password: golfer

[80][www] host: 64.xx.xx.xx login: admin password: hello

[80][www] host: 64.xx.xx.xx login: admin password: iceman

login: admin password: matthew

[80][www] host: 64.xx.xx.xx login: admin password: jackson

[80][www] host: 64.xx.xx.xx login: admin password: sparky

Hydra v7.6 (c)2013 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2015-08-03 11:24:51

[DATA] 128 tasks, 1 server, 500 login tries (l:1/p:500), ~3 tries per task

[DATA] attacking service http-head on port 80

[WARNING] http-head auth does not work with every server, better use http-get

[80][www] host: 64.xx.xx.xx login: admin password: 123456

[80][www] host: 64.xx.xx.xx login: admin password: 12345

[80][www] host: 64.xx.xx.xx login: admin password: master

[80][www] host: 64.xx.xx.xx login: admin password: 6969

[80][www] host: 64.xx.xx.xx login: admin password: fuckme

[80][www] host: 64.xx.xx.xx login: admin password: thomas

[80][www] host: 64.xx.xx.xx login: admin password: love

[80][www] host: 64.xx.xx.xx login: admin password: william

[80][www] host: 64.xx.xx.xx login: admin password: panties

[80][www] host: 64.xx.xx.xx login: admin password: fuckyou

[80][www] host: 64.xx.xx.xx login: admin password: orange

[80][www] host: 64.xx.xx.xx login: admin password: silver

[80][www] host: 64.xx.xx.xx login: admin password: biteme

[80][www] host: 64.xx.xx.xx login: admin password: please

[80][www] host: 64.xx.xx.xx login: admin password: black

[80][www] host: 64.xx.xx.xx login: admin password: andrea

[80][www] host: 64.xx.xx.xx login: admin password: chelsea

Hydra v7.6 (c)2013 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2015-08-03 11:25:55

[DATA] 128 tasks, 1 server, 500 login tries (l:1/p:500), ~3 tries per task

[DATA] attacking service http-head on port 80

[WARNING] http-head auth does not work with every server, better use http-get

[80][www] host: 64.xx.xx.xx login: admin password: 12345

login: admin password: shadow

[80][www] host: 64.xx.xx.xx login: admin password: thomas

[80][www] host: 64.xx.xx.xx login: admin password: fuckyou

[80][www] host: 64.xx.xx.xx login: admin password: cameron

[80][www] host: 64.xx.xx.xx login: admin password: superman

ogin: admin password: diamond

[80][www] host: 64.xx.xx.xx login: admin password: william

login: admin password: freedom

[80][www] host: 64.xx.xx.xx login: admin password: taylor

[80][www] host: 64.xx.xx.xx login: admin password: bailey

login: admin password: iceman

Hydra v7.6 (c)2013 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2015-08-03 11:29:27

[DATA] 128 tasks, 1 server, 500 login tries (l:1/p:500), ~3 tries per task

[DATA] attacking service http-head on port 80

[WARNING] http-head auth does not work with every server, better use http-get

[80][www] host: 64.xx.xx.xx login: admin password: pussy

[80][www] host: 64.xx.xx.xx login: admin password: mustang

[80][www] host: 64.xx.xx.xx login: admin password: baseball

[80][www] host: 64.xx.xx.xx login: admin password: pass

[80][www] host: 64.xx.xx.xx login: admin password: jordan

[80][www] host: 64.xx.xx.xx login: admin password: thomas

[80][www] host: 64.xx.xx.xx login: admin password: buster

[80][www] host: 64.xx.xx.xx login: admin password: summer

[80][www] host: 64.xx.xx.xx login: admin password: yankees

[80][www] host: 64.xx.xx.xx login: admin password: ashley

[80][www] host: 64.xx.xx.xx login: admin password: blowjob

60 login: admin password: bailey

[80][www] host: 64.xx.xx.xx login: admin password: dick

[80][www] host: 64.xx.xx.xx login: admin password: morgan

[80][www] host: 64.xx.xx.xx login: admin password: andrea

[80][www] host: 64.xx.xx.xx login: admin password: cameron

Hydra v7.6 (c)2013 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2015-08-03 11:29:41

[DATA] 128 tasks, 1 server, 500 login tries (l:1/p:500), ~3 tries per task

[DATA] attacking service http-head on port 80

[WARNING] http-head auth does not work with every server, better use http-get

[80][www] host: 64.xx.xx.xx login: admin password: 1234

: admin password: 12345678

[80][www] host: 64.xx.xx.xx login: admin password: abc123

0 login: admin password: 1111

[80][www] host: 64.xx.xx.xx login: admin password: test

[80][www] host: 64.xx.xx.xx login: admin password: martin

login: admin password: yellow

[80][www] host: 64.xx.xx.xx login: admin password: guitar

60 login: admin password: freedom

[80][www] host: 64.xx.xx.xx login: admin password: patrick

.60 login: admin password: austin

1 of 1 target successfully completed, 125 valid passwords found

Hydra (http://www.thc.org/thc-hydra) finished at 2015-08-03 11:29:45

Hydra v7.6 (c)2013 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2015-08-03 11:32:59

[DATA] 128 tasks, 1 server, 500 login tries (l:1/p:500), ~3 tries per task

[DATA] attacking service http-head on port 80

[WARNING] http-head auth does not work with every server, better use http-get

Hydra v7.6 (c)2013 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2015-08-03 11:33:02

[DATA] 128 tasks, 1 server, 500 login tries (l:1/p:500), ~3 tries per task

[DATA] attacking service http-head on port 80

[WARNING] http-head auth does not work with every server, better use http-get

[80][www] host: 64.xx.xx.xx login: admin password: abc123

[80][www] host: 64.xx.xx.xx login: admin password: dragon

1 of 1 target successfully completed, 5 valid passwords found

Hydra (http://www.thc.org/thc-hydra) finished at 2015-08-03 11:33:35

Hydra v7.6 (c)2013 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2015-08-03 11:17:44

[DATA] 1 task, 1 server, 1 login try (l:1/p:1), ~1 try per task

[DATA] attacking service http-head on port 80

[WARNING] http-head auth does not work with every server, better use http-get

[80][www] host: 64.xx.xx.xx login: yourname password: yourpass

Hydra v7.6 (c)2013 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2015-08-03 11:19:04

[DATA] 1 task, 1 server, 1 login try (l:1/p:1), ~1 try per task

[DATA] attacking service http-head on port 80

[WARNING] http-head auth does not work with every server, better use http-get

[80][www] host: 64.xx.xx.xx login: yourname password: admin

Hydra v7.6 (c)2013 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2015-08-03 11:19:34

[DATA] 1 task, 1 server, 1 login try (l:1/p:1), ~1 try per task

[DATA] attacking service http-head on port 80

[WARNING] http-head auth does not work with every server, better use http-get

[80][www] host: 64.xx.xx.xx login: admin password: admin

Hydra v7.6 (c)2013 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2015-08-03 11:20:33

[DATA] 128 tasks, 1 server, 500 login tries (l:1/p:500), ~3 tries per task

[DATA] attacking service http-head on port 80

[WARNING] http-head auth does not work with every server, better use http-get

[80][www] host: 64.xx.xx.xx login: admin password: 123456

[80][www] host: 64.xx.xx.xx login: admin password: pussy

[80][www] host: 64.xx.xx.xx login: admin password: mustang

[80][www] host: 64.xx.xx.xx login: admin password: george

0 login: admin password: superman

[80][www] host: 64.xx.xx.xx login: admin password: pepper

[80][www] host: 64.xx.xx.xx login: admin password: 111111

[80][www] host: 64.xx.xx.xx login: admin password: sparky

[80][www] host: 64.xx.xx.xx login: admin password: biteme

[80][www] host: 64.xx.xx.xx login: admin password: cameron

[80][www] host: 64.xx.xx.xx login: admin password: wizard

[80][www] host: 64.xx.xx.xx login: admin password: buster

[80][www] host: 64.xx.xx.xx login: admin password: tigger

Hydra v7.6 (c)2013 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2015-08-03 11:24:04

[DATA] 128 tasks, 1 server, 500 login tries (l:1/p:500), ~3 tries per task

[DATA] attacking service http-head on port 80

[WARNING] http-head auth does not work with every server, better use http-get

[80][www] host: 64.xx.xx.xx login: admin password: password

[80][www] host: 64.xx.xx.xx login: admin password: 123456

[80][www] host: 64.xx.xx.xx login: admin password: tigger

[80][www] host: 64.xx.xx.xx login: admin password: monkey

[80][www] host: 64.xx.xx.xx login: admin password: biteme

[80][www] host: 64.xx.xx.xx login: admin password: dakota

[80][www] host: 64.xx.xx.xx login: admin password: fuckyou

[80][www] host: 64.xx.xx.xx login: admin password: iceman

[80][www] host: 64.xx.xx.xx login: admin password: aaaaaa

[80][www] host: 64.xx.xx.xx login: admin password: daniel

[80][www] host: 64.xx.xx.xx login: admin password: sexy

[80][www] host: 64.xx.xx.xx login: admin password: buster

[80][www] host: 64.xx.xx.xx login: admin password: access

[80][www] host: 64.xx.xx.xx login: admin password: black

[80][www] host: 64.xx.xx.xx login: admin password: cameron

[80][www] host: 64.xx.xx.xx login: admin password: jackson

[80][www] host: 64.xx.xx.xx login: admin password: michelle

[80][www] host: 64.xx.xx.xx login: admin password: dick

[80][www] host: 64.xx.xx.xx login: admin password: nicole

[80][www] host: 64.xx.xx.xx login: admin password: patrick

[80][www] host: 64.xx.xx.xx login: admin password: sunshine

Hydra v7.6 (c)2013 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2015-08-03 11:24:26

[DATA] 128 tasks, 1 server, 500 login tries (l:1/p:500), ~3 tries per task

[DATA] attacking service http-head on port 80

[WARNING] http-head auth does not work with every server, better use http-get

[80][www] host: 64.xx.xx.xx login: admin password: password

[80][www] host: 64.xx.xx.xx login: admin password: pussy

[80][www] host: 64.xx.xx.xx login: admin password: mustang

[80][www] host: 64.xx.xx.xx login: admin password: pass

[80][www] host: 64.xx.xx.xx login: admin password: batman

[80][www] host: 64.xx.xx.xx login: admin password: access

[80][www] host: 64.xx.xx.xx login: admin password: taylor

[80][www] host: 64.xx.xx.xx login: admin password: asshole

[80][www] host: 64.xx.xx.xx login: admin password: golfer

[80][www] host: 64.xx.xx.xx login: admin password: hello

[80][www] host: 64.xx.xx.xx login: admin password: iceman

login: admin password: matthew

[80][www] host: 64.xx.xx.xx login: admin password: jackson

[80][www] host: 64.xx.xx.xx login: admin password: sparky

Hydra v7.6 (c)2013 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2015-08-03 11:24:51

[DATA] 128 tasks, 1 server, 500 login tries (l:1/p:500), ~3 tries per task

[DATA] attacking service http-head on port 80

[WARNING] http-head auth does not work with every server, better use http-get

[80][www] host: 64.xx.xx.xx login: admin password: 123456

[80][www] host: 64.xx.xx.xx login: admin password: 12345

[80][www] host: 64.xx.xx.xx login: admin password: master

[80][www] host: 64.xx.xx.xx login: admin password: 6969

[80][www] host: 64.xx.xx.xx login: admin password: fuckme

[80][www] host: 64.xx.xx.xx login: admin password: thomas

[80][www] host: 64.xx.xx.xx login: admin password: love

[80][www] host: 64.xx.xx.xx login: admin password: william

[80][www] host: 64.xx.xx.xx login: admin password: panties

[80][www] host: 64.xx.xx.xx login: admin password: fuckyou

[80][www] host: 64.xx.xx.xx login: admin password: orange

[80][www] host: 64.xx.xx.xx login: admin password: silver

[80][www] host: 64.xx.xx.xx login: admin password: biteme

[80][www] host: 64.xx.xx.xx login: admin password: please

[80][www] host: 64.xx.xx.xx login: admin password: black

[80][www] host: 64.xx.xx.xx login: admin password: andrea

[80][www] host: 64.xx.xx.xx login: admin password: chelsea

Hydra v7.6 (c)2013 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2015-08-03 11:25:55

[DATA] 128 tasks, 1 server, 500 login tries (l:1/p:500), ~3 tries per task

[DATA] attacking service http-head on port 80

[WARNING] http-head auth does not work with every server, better use http-get

[80][www] host: 64.xx.xx.xx login: admin password: 12345

login: admin password: shadow

[80][www] host: 64.xx.xx.xx login: admin password: thomas

[80][www] host: 64.xx.xx.xx login: admin password: fuckyou

[80][www] host: 64.xx.xx.xx login: admin password: cameron

[80][www] host: 64.xx.xx.xx login: admin password: superman

ogin: admin password: diamond

[80][www] host: 64.xx.xx.xx login: admin password: william

login: admin password: freedom

[80][www] host: 64.xx.xx.xx login: admin password: taylor

[80][www] host: 64.xx.xx.xx login: admin password: bailey

login: admin password: iceman

Hydra v7.6 (c)2013 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2015-08-03 11:29:27

[DATA] 128 tasks, 1 server, 500 login tries (l:1/p:500), ~3 tries per task

[DATA] attacking service http-head on port 80

[WARNING] http-head auth does not work with every server, better use http-get

[80][www] host: 64.xx.xx.xx login: admin password: pussy

[80][www] host: 64.xx.xx.xx login: admin password: mustang

[80][www] host: 64.xx.xx.xx login: admin password: baseball

[80][www] host: 64.xx.xx.xx login: admin password: pass

[80][www] host: 64.xx.xx.xx login: admin password: jordan

[80][www] host: 64.xx.xx.xx login: admin password: thomas

[80][www] host: 64.xx.xx.xx login: admin password: buster

[80][www] host: 64.xx.xx.xx login: admin password: summer

[80][www] host: 64.xx.xx.xx login: admin password: yankees

[80][www] host: 64.xx.xx.xx login: admin password: ashley

[80][www] host: 64.xx.xx.xx login: admin password: blowjob

60 login: admin password: bailey

[80][www] host: 64.xx.xx.xx login: admin password: dick

[80][www] host: 64.xx.xx.xx login: admin password: morgan

[80][www] host: 64.xx.xx.xx login: admin password: andrea

[80][www] host: 64.xx.xx.xx login: admin password: cameron

Hydra v7.6 (c)2013 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2015-08-03 11:29:41

[DATA] 128 tasks, 1 server, 500 login tries (l:1/p:500), ~3 tries per task

[DATA] attacking service http-head on port 80

[WARNING] http-head auth does not work with every server, better use http-get

[80][www] host: 64.xx.xx.xx login: admin password: 1234

: admin password: 12345678

[80][www] host: 64.xx.xx.xx login: admin password: abc123

0 login: admin password: 1111

[80][www] host: 64.xx.xx.xx login: admin password: test

[80][www] host: 64.xx.xx.xx login: admin password: martin

login: admin password: yellow

[80][www] host: 64.xx.xx.xx login: admin password: guitar

60 login: admin password: freedom

[80][www] host: 64.xx.xx.xx login: admin password: patrick

.60 login: admin password: austin

1 of 1 target successfully completed, 125 valid passwords found

Hydra (http://www.thc.org/thc-hydra) finished at 2015-08-03 11:29:45

Hydra v7.6 (c)2013 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2015-08-03 11:32:59

[DATA] 128 tasks, 1 server, 500 login tries (l:1/p:500), ~3 tries per task

[DATA] attacking service http-head on port 80

[WARNING] http-head auth does not work with every server, better use http-get

Hydra v7.6 (c)2013 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra (http://www.thc.org/thc-hydra) starting at 2015-08-03 11:33:02

[DATA] 128 tasks, 1 server, 500 login tries (l:1/p:500), ~3 tries per task

[DATA] attacking service http-head on port 80

[WARNING] http-head auth does not work with every server, better use http-get

[80][www] host: 64.xx.xx.xx login: admin password: abc123

[80][www] host: 64.xx.xx.xx login: admin password: dragon

1 of 1 target successfully completed, 5 valid passwords found

Hydra (http://www.thc.org/thc-hydra) finished at 2015-08-03 11:33:35

Rebz
03.08.2015, 18:32
убери в спойлер свою простыню, нафига такой длинный пост делать?

faza02
03.08.2015, 18:36
↑ (https://antichat.live/posts/3875940/)
убери в спойлер свою простыню, нафига такой длинный пост делать?


чтобы никто не отвечал

видимо, у вас ложные срабатывания, значит нужно другое слово, на которое будет реагировать при входе

borisyuminov
03.08.2015, 18:39
т.е. не admin, а что-то другое. ок, попробуем.