Forum Thread: Hydra Attack 0 Passwords Found

I tried to use hydra i run this commands on Gmail and on Yahoo and it does not work for me maybe someone have an explanation ...

this is the commands i typed:
hydra -l "someone"@yahoo/Gmail.com -P {wordlist} -e ns -s 465/587 -S -v -V -t 1 smtp.mail.yahoo/Gmail.com smtp

21 Responses

I'm a noob in Terms of hacking and I don't even know what Hydra is but here's an idea:

Maybe the Password you try to crack isn't within the range of the wordlist you use. Try using another wordlist. If that does not work, try bruteforcing.

the password is in the wordlist i putted the correct password in the wordlist i just wanted to check how it's work..

Ah, if Hydra was enough to hack Gmail...

Are your tests based on the assumption that there are attempts restrictions?

Yeah i guess so, i mean like there's nothing stopping them for making an attempt restriction and stop hackers from being able to bruteforce, right?

smtp.mail.yahoo/Gmail.com smtp

Gmail uses a another smtp server. Its 'smtp.gmail.com'
What do you get if you try that one out?

i typed in the terminal

  1. smtp.mail.yahoo.com
  2. smtp.gmail.com

yes , ITEV WHO i tried to do it , same problem(0 passwords found) :-(

What port you used? They either changed the port or the SMTP Address

when i used Gmail i typed 465
and the yahoo 587

Obviously Gmail and other Email services aren't fool.

They have preventions from brute force attacks. Gmail, Ymail will block your IP after several login attempts. If your lucky you might get the password before the your IP is blocked. They have particular no. of attempts after those all fails, it blocks the IP.

use a dynamic ip so you ip still wil be change

you will have 10 chance to do it on yahoo and about 100 chance in gmail so make your wordlist simple and small!

fun thing is that yahoo is smaller and has better security than gmail.

-Phoenix750

exactly but with soical eng you can do it in yahoo much easier than gmail cuz once iwanted hack my math tech :P sec question was where he married his wife that was super simple well i didnt hack him cuz it woulda be crime if he would relise since i think he is bit smart :D but come one getting all exams was good reward :D

As! Far! As! I! Remember! Yahoo! Had! Some! Leaks! Though! Not! Sure!

Yeah but keep in mind that google will notify the real logged in user and it will tell you that the pass is wrong unless you have the code from the real user phone or whatever, so even if you bruteforce the pass and find it gmail wont let you login, the game is getting harder, Fucking security

They notify the user, so what?! that doesn't prevent hackers from gaining access to your gmail account if they got the password within 150 attempts, wouldn't it?

-Phoenix750

Even if you found the password you cant access the account or look into the emails unless an authenticated user or device gave you the permission

that makes more sense indeed.

-Phoenix750

yes its stil getting harder but ther are always ways to rome ;D

Yahoo still not working, are there any solution ??

Sadly (or not) the smtp.gmail server identifies the hydra pinging and return falses negatives. Sametime the e-mail owner receive a mail adverting about the attack. Maybe still work with other mail services. I'm trying to find a solution as well.

Share Your Thoughts

  • Hot
  • Active