Hydra – Brute Force Techniques

Hydra is a powerful authentication brute forcing tools for many protocols and services. In this tutorial, I will be showing how to brute force logins for several remote systems.

Basic Hydra usage hydra <Username options> <Password options> <Options> <IP Address> <Protocol> -V -f

Supported Services adam6500 asterisk cisco cisco-enable cvs firebird ftp ftps http[s]-{head|get|post} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] mssql mysql nntp oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres radmin2 rdp redis rexec rlogin rpcap rsh rtsp s7-300 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak telnet[s] vmauthd vnc xmpp

Options -l  Single Username -L Username list -p Password -P Password list -t Limit concurrent connections -V Verbose output -f Stop on correct login -s Port

In the examples below, you will see the service, Command, and an example screenshot. Found credentials will be in green.

SSH hydra -L usernames.txt -P passwords.txt ssh -V

FTP hydra -L usernames.txt -P passwords.txt ftp -V -f

SMB hydra -L usernames.txt -P passwords.txt smb -V -f

VNC hydra -P passwords.txt vnc -V

Postgresql hydra -L usernames.txt -P passwords.txt postgres -V

Telnet hydra -L usernames.txt -P passwords.txt telnet -V

Recent Posts

See All

Nikto Cheatsheet

Nikto is a powerful assessment tools for finding vulnerabilities in web servers. Scanning a host Nikto -h <Hostname/IP> Scanning specific ports Nikto -h <Hostname/IP> -port <Port Number>,<Port Number>