Hydra - Network Logon Cracker


Hydra is an online password brute-forcing tool: a very fast network logon cracker that supports many different services. It is a command-line tool, and it also has a GUI version called xhydra.


Hydra has the ability to brute force the following protocols: Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.


You can check the official Kali Linux Hydra tool page for more information - https://en.kali.tools/?p=220


Installation

Hydra comes pre-installed in Kali Linux, but if you are using any other Linux distro then,

Usage

To check the syntax for Hydra's CLI version, use the help command, i.e. hydra -h.


Commands

The flags to use depend on the service or protocol you want to use it on. For example:
  • We need to brute force the FTP protocol. We know that the username is hackhunt and we need to find the password.
hydra -l hackhunt -P <password_wordlist.txt> ftp://<TARGET_IP>
  • For SSH, suppose we know neither the username nor the password and need to brute force both.
hydra <TARGET_IP> ssh -L <username_wordlist.txt> -P <password_wordlist.txt>

Important Flags to know:

Flag   Description
-l     specify a single username
-L     specify wordlist for usernames
-p     specify a single password
-P     specify wordlist for passwords
-t     specifies the number of threads to use
-s     specify the port, which can be used when the service is not running on the default port.
-V     Verbose output for every attempt
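
What a run like the SSH example above looks like from the server side: the following is an added example (not part of the original post) that flags any source address exceeding a failed-login threshold within a time window in sshd auth logs. The log lines are constructed, and the function names, the threshold of 5, the 60-second window and the year default are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH's auth-log format (not from a real host).
SAMPLE_LOG = """\
Mar 10 09:15:01 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Mar 10 09:15:01 web1 sshd[2102]: Failed password for root from 203.0.113.7 port 40114 ssh2
Mar 10 09:15:02 web1 sshd[2103]: Failed password for invalid user test from 203.0.113.7 port 40116 ssh2
Mar 10 09:15:03 web1 sshd[2104]: Failed password for invalid user admin from 203.0.113.7 port 40118 ssh2
Mar 10 09:15:03 web1 sshd[2105]: Failed password for root from 203.0.113.7 port 40120 ssh2
Mar 10 09:15:04 web1 sshd[2106]: Failed password for invalid user test from 203.0.113.7 port 40122 ssh2
Mar 10 09:20:10 web1 sshd[2150]: Failed password for alice from 198.51.100.20 port 51500 ssh2
Mar 10 09:31:42 web1 sshd[2188]: Failed password for alice from 198.51.100.20 port 51620 ssh2
Mar 10 09:31:55 web1 sshd[2190]: Accepted password for alice from 198.51.100.20 port 51622 ssh2
"""

FAILED = re.compile(  # timestamp, username, source address of a failed password
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def parse_failures(log_text, year=2024):
    """Yield (timestamp, user, source_ip) for each failed SSH password attempt."""
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:  # syslog timestamps carry no year, so one is assumed
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {source_ip: usernames tried} for sources with >= threshold failures in a window."""
    by_ip = defaultdict(list)
    for ts, user, ip in parse_failures(log_text):
        by_ip[ip].append((ts, user))
    alerts = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):  # sliding window over sorted failures
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts[ip] = sorted({u for _, u in events})
                break
    return alerts
```

Several distinct usernames from one source, as in the first address here, is the pattern a combined username and password wordlist produces; the second address, with two failures minutes apart followed by a success, stays below the threshold.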

Hydra can also brute force web login forms submitted via POST. Check the documentation for more information about it.

We hope this helps. If you have any suggestions or doubts, you can add a comment and we will reply as soon as possible.
