Hydra - Network Logon Cracker

Hydra is a brute force online password cracking tool, a very fast network logon cracker that supports many different services. Hydra is a command line tool, however, it has a GUI version called xhydra.

Hydra has the ability to brute force the following protocols: Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP,  HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

You can check the official Kali Linux Hydra tool page for more information - https://en.kali.tools/?p=220


Hydra comes pre-installed in Kali Linux, but if you are using any other Linux distro then,


To check the Syntax for Hydra's CLI version, one can use the help command i.e., hydra -h.


Flags to use depends on the service or protocol you want to use on. For example, 
  • We need to brutefore FTP protocol. We have the information that the username is hackhunt and we need to find the password.
hydra -l hackhunt -P <password_wordlist.txt> ftp://<TARGET_IP>
  • For SSH. Suppose in this case we don't know the username or password and need to brute force both.
hydra <TARGET_IP> ssh -L <username_wordlist.txt> -P <password_wordlist.txt>

Important Flags to know:

Flag Description
-l specify a single username
-L specify wordlist for usernames
-p specify a single password
-P specify wordlist for passwords
-t specifies the number of threads to use
-s specify the port, which can be used when the service is not running on the default port.
-V Verbose output for every attempt

Hydra can also work with post-web-form. Check the documentation for more information about it. 

We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.

No comments:

Post a Comment