OK. How do we verify that? Here is what I assume should be a clean, isolated test of just Hydra.
My config is this: nessus 2.0.6a with latest plugins redhat linux 7.3 that is "up2date" I "zeroed out" the nessusd log file and set log_plugins_name_at_load = yes in the nessusd.conf started nessusd -D And "grep'd" out the interesting stuff from that log file: [EMAIL PROTECTED] nessus]$ sudo grep find_service /usr/local/var/nessus/logs/nessusd.messages [Fri Jun 20 09:47:45 2003][24564] Loading find_service.nes [Fri Jun 20 09:47:45 2003][24564] Loading find_service2.nasl [EMAIL PROTECTED] nessus]$ sudo grep -i hydra /usr/local/var/nessus/logs/nessusd.messages [Fri Jun 20 09:47:45 2003][24564] Loading DDI_Enhydra_Default.nasl [Fri Jun 20 09:47:45 2003][24564] Loading hydra.nes [EMAIL PROTECTED] nessus]$ Then I started nessus & logged in, making the following selections: Under "Plugins" disabled all plugins enabled Brute Force Login (within Misc.) enabled add dependencies at runtime Under "Prefs." selected an existing and readable set of logins and passwords files selected "Brute force telnet" Under "Scan options" un-selected all the "Port scanning" buttons Under "Target Selection" selected a single host (192.168.0.6) that is in fact running telnet and responds to "pings" Here are excerpts from the ~/.nessusrc file: [EMAIL PROTECTED] hendrick]$ grep find_service .nessusrc [EMAIL PROTECTED] hendrick]$ grep -i hydra .nessusrc Brute force login (Hydra)[entry]:Number of simultaneous connections : = 5 Brute force login (Hydra)[checkbox]:Brute force telnet = yes Brute force login (Hydra)[checkbox]:Brute force FTP = no Brute force login (Hydra)[checkbox]:Brute force POP3 = no Brute force login (Hydra)[checkbox]:Brute force IMAP = no Brute force login (Hydra)[checkbox]:Brute force cisco = no Brute force login (Hydra)[checkbox]:Brute force VNC = no Brute force login (Hydra)[checkbox]:Brute force SOCKS 5 = no Brute force login (Hydra)[checkbox]:Brute force rexec = no Brute force login (Hydra)[checkbox]:Brute force NNTP = no Brute force login (Hydra)[checkbox]:Brute force HTTP = no Brute force login (Hydra)[checkbox]:Brute force ICQ = no Brute force login (Hydra)[checkbox]:Brute force PCNFS = no Brute force login (Hydra)[checkbox]:Brute force SMB = no Brute force login (Hydra)[checkbox]:Brute force cisco-enable = no Brute force login (Hydra)[checkbox]:Brute force LDAP = no Brute force login (Hydra)[file]:Logins file : = /home/hendrick/logins.txt Brute force login (Hydra)[file]:Passwords file : = /home/hendrick/passwords.txt Brute force login (Hydra)[entry]:Web page to brute force : = [EMAIL PROTECTED] hendrick]$ and the two text files: [EMAIL PROTECTED] hendrick]$ ls -al /home/hendrick/logins.txt /home/hendrick/passwords.txt -rw-rw---- 1 hendrick hendrick 9 May 8 11:21 /home/hendrick/logins.txt -rw-rw---- 1 hendrick hendrick 28 May 8 11:21 /home/hendrick/passwords.txt [EMAIL PROTECTED] hendrick]$ Then I started "tcpdump host 192.168.0.6" on the scanning system and started the nessus scan (no packets were sent to the target) Here is the logfile of that scan: [Fri Jun 20 09:50:45 2003][24565] connection from 127.0.0.1 [Fri Jun 20 09:50:45 2003][24577] Client requested protocol version 12. [Fri Jun 20 09:50:45 2003][24577] successful login of hendrick from 127.0.0.1 [Fri Jun 20 09:50:53 2003][24577] Redirecting debugging output to /usr/local/var/nessus/logs/nessusd.dump [Fri Jun 20 09:51:20 2003][24577] user hendrick starts a new attack. Target(s) : 192.168.0.6, with max_hosts = 30 and max_checks = 10 [Fri Jun 20 09:51:20 2003][24577] user hendrick : testing 192.168.0.6 (192.168.0.6) [24578] [Fri Jun 20 09:51:20 2003][24578] user hendrick : new KB will be saved as /usr/local/var/nessus/users/hendrick/kbs/192.168.0.6 [Fri Jun 20 09:51:20 2003][24578] user hendrick : launching hydra.nes against 192.168.0.6 [24579] [Fri Jun 20 09:51:20 2003][24578] hydra.nes (process 24579) finished its job in 0.010 seconds [Fri Jun 20 09:51:20 2003][24578] Finished testing 192.168.0.6. Time : 0.08 secs [Fri Jun 20 09:51:20 2003][24577] user hendrick : test complete [Fri Jun 20 09:51:20 2003][24577] user hendrick : Kept alive connection So? Is *it* broken or am *I* missing something :-/ Thanks, Jim > -----Original Message----- > From: Renaud Deraison [mailto:[EMAIL PROTECTED] > Sent: Friday, June 20, 2003 9:15 AM > To: [EMAIL PROTECTED] > Subject: Re: how to use Hydra plugin in nessus > > > On Fri, Jun 20, 2003 at 11:56:52AM +0100, Harish Gondavale wrote: > > Hi, > > > > My experince is hydra doesn't work with new Nessus. It > > works only with 1.X. > > It works fine here. Make sure that find_services is run. >
