hydra
Hydra (8.6k β) is a well-known tool to brute force authentication services such SSH, FTP, RDP, MySQL... It can even be used on login forms too, but that's uncommon.
$ wordlist=/usr/share/wordlists/rockyou.txt
# use ssh, ftp...
$ hydra -l username -P $wordlist ssh://IP
$ hydra -l username -P $wordlist ssh://IP:port
$ hydra -l username -P $wordlist ftp://IP
$ hydra -l username -P $wordlist rdp://IP
$ hydra -l xxx@xxx.xxx -P $wordlist smtp://IP
$ [...]
# alternate form
$ hydra -l username -P $wordlist IP ssh -s port
β‘οΈ I use a variable $wordlist to write shorter commands.
You can learn more about wordlists here ποΈ.
β οΈ If you don't provide an username, hydra will try to find as many working credentials as possible. To stop at the first one, use -f.
-
-l username: try this username -
-L file: try a list of usernames -
-p password: try this password -
-P file: try a list of passwords -
-C file: instead of L/P, provide a list of "username:password" -
-s port: use another port -
-t n: use $n$ threads (default: 16) |4for services -
-v/-d: verbose / debug -
-V: show login+password for every attempt -
-e [values]such as-e nsrfor all three-
n: try null password -
s: try login as pass -
r: try reversed login
-
-
-f: quit on first log in found -
-u: try all usernames for each password
Special uses
form brute force
Try to brute force the account "toto". ^USER^/^PASS^ mean replace with the username/password. username=/password= are the name of the fields. F= is a word in the answer indicates a failure. See also: S=.
$ hydra -l toto -P wordlist IP http-get-form "/login.php:username=^USER^&password=^PASS^:F=incorrect" -V
$ hydra -l toto -P wordlist IP http-post-form "/login.php:username=^USER^&password=^PASS^:F=incorrect" -V
π» To-do π»
Stuff that I found, but never read/used yet.
- HTTP Basic Auth:
[...] IP http-get /