
Information is power. Information gathering is the most crucial part of penetration testing. Identifying a target's IP address, browser, operating system and social media accounts is the primary step.

There are many tools available to do this, but in this tutorial we learn how to use Trape. Trape is a footprinting tool written in Python. It can help us by getting the target's IP address, OS and social media accounts from a single click on a link.

It can also perform phishing and browser hooking attacks.

Trape doesn't come pre-installed with Kali Linux, so we need to clone it from its GitHub repository.

So we open our terminal window, type the following command and press Enter.

git clone https://github.com/jofpin/trape

This is not a large tool, so Trape needs only a few seconds to download. After the download is complete we need to go to Trape's directory using the cd command and then check the files using the ls command. Here we join those two commands into a single command using &&, like this:

cd trape && ls

First, we need to install all the requirements for Trape. To do this we use this simple command:

pip install -r requirements.txt

Now we can run the Python script and check the options by using the following command:

python trape.py -h

Here we must use an ngrok token. Older tutorials on the internet will not work here. In older versions of Trape we could use it without ngrok (offline mode) and add ngrok if we wanted to, but in this new version ngrok is a must. Here comes a question.
What is this ngrok?
Ngrok is a tool that creates a tunnel through which our localhost can be accessed from the internet.

So we need to go to ngrok.com and sign up.

After signing up we get the API key in the auth sidebar.

Now copy the API token, come back to the terminal and paste it. Trape will then ask for a Google Maps API token; to get one, follow this guide and paste the Google Maps API key, which helps to get the location. Sorry, I can't show my Google Maps API token for security reasons, so no screenshot for this one. These API tokens are needed for the first-time configuration only.

After we paste the Google Maps API key, Trape will ask for a URL. The target will see this URL's website after clicking our link.

We are using https://www.google.com as an example, but we can use any other link.
Then Trape will ask for the port. Here we type 80 (the port for HTTP) and press Enter.
After this, Trape starts up.

We can choose the lure URLs to catch targets in our local network or on the public internet. We can see the information about the target at the control panel link.

The control panel can be accessed with the access key. For better results on the public internet, we can use a URL shortener to hide the ngrok URL. All done. Now we wait for the target's click; whenever the target clicks on the link, we get the target's information.
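From the defender's side, a lure hidden behind a URL shortener still ends on a tunnel hostname once the redirect is followed. The following is an added example, not part of the original tutorial or of Trape: it walks redirect chains in constructed proxy records and reports those that land on an ngrok-hosted tunnel. The record layout, the `short.example` hosts and the suffix list are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: hostname suffixes of ngrok-hosted tunnels; extend from your own telemetry.
TUNNEL_SUFFIXES = ("ngrok.io", "ngrok-free.app")
REDIRECT_CODES = {301, 302, 303, 307, 308}

# Constructed proxy records: (client, requested URL, status, Location header or None).
SAMPLE_PROXY_LOG = [
    ("10.0.0.5", "https://short.example/a1", 301, "https://abc123.ngrok.io/"),
    ("10.0.0.5", "https://abc123.ngrok.io/", 200, None),
    ("10.0.0.7", "https://short.example/b2", 302, "https://intranet.example/wiki"),
    ("10.0.0.7", "https://intranet.example/wiki", 200, None),
    ("10.0.0.9", "https://def456.ngrok-free.app/", 200, None),
]

def is_tunnel(url):
    """True when the URL's host is a tunnel suffix or a subdomain of one."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in TUNNEL_SUFFIXES)

def tunnel_hits(records, max_hops=5):
    """Return (client, first_url, final_url, hops) for chains that end on a tunnel host."""
    redirects = {(c, u): loc for c, u, status, loc in records
                 if status in REDIRECT_CODES and loc}
    landed = {(c, loc) for (c, _), loc in redirects.items()}
    hits = []
    for client, url, _status, _loc in records:
        if (client, url) in landed:  # mid-chain request, already covered by its start
            continue
        final, hops = url, 0
        while (client, final) in redirects and hops < max_hops:
            final, hops = redirects[(client, final)], hops + 1
        if is_tunnel(final):
            hits.append((client, url, final, hops))
    return hits

print(tunnel_hits(SAMPLE_PROXY_LOG))
```

A hit with one or more hops is the shortener case described above; a hit with zero hops is a direct visit to the tunnel URL.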

Feel free to leave a comment below or reach me on Instagram @iamshubhamkumar__.



Hydra is a parallelized login cracker which supports numerous protocols to attack. It is very fast and flexible, and new modules are easy to add.

This tool makes it possible for researchers and security consultants to show how easy it would be to gain unauthorized access to a system remotely.

xHydra is the graphical version of hydra, and it is easy to use. Hydra and xHydra come pre-installed in Kali Linux.

Hydra supports Cisco AAA, Cisco auth, Cisco enable, CVS, FTP, HTTP(S)-FORM-GET, HTTP(S)-FORM-POST, HTTP(S)-GET, HTTP(S)-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MySQL, NNTP, Oracle Listener, Oracle SID, PC-Anywhere, PC-NFS, POP3, PostgreSQL, RDP, Rexec, Rlogin, Rsh, SIP, SMB(NT), SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

Hydra works in 4 modes:

  • One username & one password
  • User-list & One password
  • One username & Password list
  • User-list & Password list

We can check the options of hydra by using the following command in our Kali Linux terminal:

hydra -h

We need a username or a list of usernames and a password or a list of passwords to log in on web services. We can find the wordlist files in the /usr/share/wordlists directory of Kali Linux.
If we want to make custom wordlists then we can use crunch.
For an FTP login on our localhost we can use the following command:

hydra -l username -p password ftp://192.168.IP.add

Here we have used the flags -l and -p for a single username and password, but we can also use -L and -P for wordlists of usernames and passwords.

Then the command will look like the following:

hydra -L /path/of/usernames.txt -P /path/of/password.txt ftp://192.168.1.1

In a security assessment, if an nmap scan shows that the FTP port is open, we can try Hydra to brute-force the FTP login.
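Seen from the FTP server, the modes listed above leave different patterns of failed logins, which is what a defender has to work with. The following is an added example, not part of the original tutorial or of Hydra: it parses constructed log lines (the layout is modelled on vsftpd's log and is an assumption) and flags noisy sources with a guess at the mode in use.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Line layout modelled on vsftpd's log; treat the exact format as an assumption.
LINE_RE = re.compile(r'^(?P<ts>\w{3} \w{3} [ \d]\d [\d:]{8} \d{4}) \[pid \d+\] '
                     r'\[(?P<user>[^\]]*)\] (?P<res>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"$')

def _line(sec, user, ip, res="FAIL"):  # builds one constructed sample line
    return f'Mon Jan 13 10:00:{sec:02d} 2025 [pid 101] [{user}] {res} LOGIN: Client "{ip}"'

# Constructed sample data: three noisy sources and one user who mistyped once.
SAMPLE_LOG = "\n".join(
    [_line(s, "admin", "192.168.1.50") for s in range(6)]
    + [_line(s, u, "192.168.1.60") for s, u in enumerate(["root", "ftp", "admin", "test", "guest"])]
    + [_line(s, u, "192.168.1.70") for s, u in enumerate(["root", "ftp", "admin"] * 2)]
    + [_line(1, "alice", "192.168.1.80"), _line(9, "alice", "192.168.1.80", "OK")]
)

def failures_by_source(text):
    """Map each client IP to its failed logins as (timestamp, username) pairs."""
    fails = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m["res"] == "FAIL":
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            fails[m["ip"]].append((ts, m["user"]))
    return fails

def classify(fails, window=timedelta(minutes=5), threshold=5):
    """Flag sources with >= threshold failures in a window; passwords are not logged,
    so the mode is inferred from the number of attempts per username."""
    verdicts = {}
    for ip, items in fails.items():
        items.sort()
        start, best = 0, []
        for end in range(len(items)):  # sliding window over time-sorted failures
            while items[end][0] - items[start][0] > window:
                start += 1
            if end - start + 1 > len(best):
                best = items[start:end + 1]
        if len(best) < threshold:
            continue
        users = {u for _, u in best}
        verdicts[ip] = ("one username, password list" if len(users) == 1 else
                        "user list, one password" if len(best) < 2 * len(users) else
                        "user list, password list")
    return verdicts

print(classify(failures_by_source(SAMPLE_LOG)))
```

The window and threshold are starting values to tune; a slow run with few parallel tasks needs a longer window to be caught.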

xHydra — Hydra with a graphical interface

There is a graphical version of Hydra called xHydra. It also comes pre-installed on our Kali Linux machine.

You can open xHydra from the Kali Linux terminal by using the xhydra command:

xhydra

This command will open xHydra, starting on its Target tab. Let's go through all the tabs and how they work.

  • Target – Specify the target
  • Passwords – Specify password options & wordlists
  • Tuning – Specify how fast Hydra should work. Other timing options are also available.
  • Specific – For testing on specific targets like a domain, HTTPS proxy etc.
  • Start – Start and stop the attack and show the output.

In the Target tab, we select a target and a protocol.

Then in the Passwords tab, we can enter a username or a username list and a password or a password list.

Then comes the Tuning tab, where we put 1 in the “no. of tasks” field.

Then we go to the “Start” tab and choose the start option in the bottom-left corner.

Then the process will start. Whenever xHydra cracks the SSH login, we can see the username and password in the output below.

This is how we can brute-force online passwords using hydra and xHydra in Kali Linux. This is a very old and useful tool for penetration testers.
