hydra
Hydra (9.0k ⭐) is a well-known tool to brute force authentication services such as SSH, FTP, RDP, MySQL... It can also be used on login forms, but that's uncommon.
$ wordlist=/usr/share/wordlists/rockyou.txt
# use ssh, ftp...
$ hydra -l username -P $wordlist ssh://IP
$ hydra -l username -P $wordlist ssh://IP:port
$ hydra -l username -P $wordlist ftp://IP
$ hydra -l username -P $wordlist rdp://IP
$ hydra -l xxx@xxx.xxx -P $wordlist smtp://IP
$ [...]
# alternate form
$ hydra -l username -P $wordlist IP ssh -s port
➡️ I use a variable $wordlist to write shorter commands.
You can learn more about wordlists here.
⚠️ If you don't provide a username, hydra will try to find as many working credentials as possible. To stop at the first one, use -f.
- -l username: try this username
- -L file: try a list of usernames
- -p password: try this password
- -P file: try a list of passwords
- -C file: instead of L/P, provide a list of "username:password"
- -s port: use another port
- -t n: use $n$ threads (default: 16) | 4 for services
- -v/-d: verbose / debug
- -V: show login+password for every attempt
- -e [values] such as -e nsr for all three
  - n: try null password
  - s: try login as pass
  - r: try reversed login
- -f: quit on first log in found
- -u: try all usernames for each password
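From the defender's side, the option choices above leave different traces in authentication logs. The following is an added example, not part of the original notes or of hydra itself: a detector over constructed sshd log lines that flags a source with repeated failures in a short window and labels whether one account or many were targeted. The log layout (ISO-8601 timestamp, then host name), the threshold, the window and all function names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log shape: ISO-8601 timestamp, host, then the standard sshd message.
FAILED = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")

def detect(log_text, threshold=5, window=timedelta(seconds=60)):
    """Map each source IP with >= threshold failures inside `window` to a label."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            events[m["ip"]].append((datetime.fromisoformat(m["ts"]), m["user"]))
    findings = {}
    for ip, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Shrink the window from the left until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                users = {user for _, user in evs[start:end + 1]}
                # One account, many passwords (-l/-P) vs many accounts (-L, -C, -u).
                findings[ip] = "single-account" if len(users) == 1 else "multi-account"
                break
    return findings

def _line(sec, user, ip):
    # Constructed sample line, not captured from a real host.
    return (f"2024-05-01T10:00:{sec:02d}+00:00 host1 sshd[811]: "
            f"Failed password for {user} from {ip} port 40000 ssh2")

SAMPLE_LOG = "\n".join(
    [_line(s, "toto", "203.0.113.7") for s in range(8)]
    + [_line(s, f"invalid user u{s}", "198.51.100.9") for s in range(10, 16)]
    + [_line(s, "alice", "192.0.2.5") for s in (5, 45)]  # ordinary typo, stays quiet
)

if __name__ == "__main__":
    for ip, kind in detect(SAMPLE_LOG).items():
        print(ip, kind)
```

A per-source threshold like this misses attempts spread across many source addresses, so it is usually paired with a per-account failure count.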
Special uses
form brute force
Try to brute force the account "toto". ^USER^/^PASS^ are placeholders that are replaced with the username/password. username=/password= are the names of the form fields. F= is a word in the response that indicates a failure. See also: S=.
$ hydra -l toto -P wordlist IP http-get-form "/login.php:username=^USER^&password=^PASS^:F=incorrect" -V
$ hydra -l toto -P wordlist IP http-post-form "/login.php:username=^USER^&password=^PASS^:F=incorrect" -V
👻 To-do 👻
Stuff that I found, but never read/used yet.
- HTTP Basic Auth:
[...] IP http-get /