thc-hydra
thc-hydra copied to clipboard
Published
20 hours ago •
vanhauser-thc
vanhauser-thc
Unable to find valid credentials for RDP service with empty password
Running hydra 9.2-1 on Manjaro 21.1.6.
I'm trying to use hydra for a basic HackTheBox task. There is RDP service running on Windows machine with "Administrator" username and no password. Running hydra with:
$ hydra -v -L wl.txt -en rdp://10.129.253.25
Hydra v9.2 (c) 2021 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2021-10-27 15:45:13
[WARNING] rdp servers often don't like many connections, use -t 1 or -t 4 to reduce the number of parallel connections and -W 1 or -W 3 to wait between connection to allow the server to recover
[INFO] Reduced number of tasks to 4 (rdp does not like many parallel connections)
[WARNING] the rdp module is experimental. Please test, report - and if possible, fix.
[DATA] max 4 tasks per 1 server, overall 4 tasks, 5 login tries (l:5/p:1), ~2 tries per task
[DATA] attacking rdp://10.129.253.25:3389/
[VERBOSE] Resolving addresses ... [VERBOSE] resolving done
[ERROR] freerdp: Credentials invalid or missing. (0x0002001b)
[ERROR] freerdp: Credentials invalid or missing. (0x0002001b)
[ERROR] freerdp: Credentials invalid or missing. (0x0002001b)
[ERROR] freerdp: Credentials invalid or missing. (0x0002001b)
[ERROR] freerdp: Credentials invalid or missing. (0x0002001b)
[ERROR] freerdp: Credentials invalid or missing. (0x0002001b)
[ERROR] freerdp: Credentials invalid or missing. (0x0002001b)
[ERROR] freerdp: Credentials invalid or missing. (0x0002001b)
[ERROR] freerdp: Credentials invalid or missing. (0x0002001b)
[ERROR] freerdp: Credentials invalid or missing. (0x0002001b)
[ERROR] freerdp: Credentials invalid or missing. (0x0002001b)
[STATUS] attack finished for 10.129.253.25 (waiting for children to complete tests)
[ERROR] freerdp: Credentials invalid or missing. (0x0002001b)
[VERBOSE] Disabled child 2 because of too many errors
[ERROR] freerdp: Credentials invalid or missing. (0x0002001b)
[VERBOSE] Disabled child 3 because of too many errors
[ERROR] freerdp: Credentials invalid or missing. (0x0002001b)
1 of 1 target completed, 0 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2021-10-27 15:45:15
wl.txt:
Admin
User
Andrzej
Administrator
Valid credential is not found by hydra, but I can login with:
xfreerdp /v:10.129.253.39 /u:Administrator
thanks for reporting. can you recompile from the repo and see if the fix works?
Same behavior on master branch.
$ ./hydra -v -L ../wl.txt -en rdp://10.129.1.13
Hydra v9.3-dev (c) 2021 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2021-10-27 17:49:21
[WARNING] rdp servers often don't like many connections, use -t 1 or -t 4 to reduce the number of parallel connections and -W 1 or -W 3 to wait between connection to allow the server to recover
[INFO] Reduced number of tasks to 4 (rdp does not like many parallel connections)
[WARNING] the rdp module is experimental. Please test, report - and if possible, fix.
[WARNING] Restorefile (you have 10 seconds to abort... (use option -I to skip waiting)) from a previous session found, to prevent overwriting, ./hydra.restore
[DATA] max 4 tasks per 1 server, overall 4 tasks, 5 login tries (l:5/p:1), ~2 tries per task
[DATA] attacking rdp://10.129.1.13:3389/
[VERBOSE] Resolving addresses ... [VERBOSE] resolving done
[ERROR] freerdp: Credentials invalid or missing. (0x0002001b)
[ERROR] freerdp: Credentials invalid or missing. (0x0002001b)
[ERROR] freerdp: Credentials invalid or missing. (0x0002001b)
[ERROR] freerdp: Credentials invalid or missing. (0x0002001b)
[ERROR] freerdp: Credentials invalid or missing. (0x0002001b)
[ERROR] freerdp: Credentials invalid or missing. (0x0002001b)
[ERROR] freerdp: Credentials invalid or missing. (0x0002001b)
[ERROR] freerdp: Credentials invalid or missing. (0x0002001b)
[ERROR] freerdp: Credentials invalid or missing. (0x0002001b)
[ERROR] freerdp: Credentials invalid or missing. (0x0002001b)
[ERROR] freerdp: Credentials invalid or missing. (0x0002001b)
[STATUS] attack finished for 10.129.1.13 (waiting for children to complete tests)
[ERROR] freerdp: Credentials invalid or missing. (0x0002001b)
[VERBOSE] Disabled child 0 because of too many errors
[ERROR] freerdp: Credentials invalid or missing. (0x0002001b)
[VERBOSE] Disabled child 2 because of too many errors
[ERROR] freerdp: Credentials invalid or missing. (0x0002001b)
1 of 1 target completed, 0 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2021-10-27 17:49:34
are you sure you are using the correct binary? because it works for me.
Running in to the same issue, either "freerdp: init failed" or these random credential errors. Even with -w 1 -t 1 -T 1 it still stops producing results that it should.
It works with 1-3 IPs in a list, but give it more than 10 and this starts happening. After 100 IPs in a list - it fails to initialize
used:
apt install freerdp* to grab every possible freerdp lib, + libfree*
Recompiled v9.3, Used Kali provided v9.2, Tried on three different machines (baremetal, vm, container)
