Hydra

Basic Syntax

Parameter	Explanation	Usage Example
`-l LOGIN` or `-L FILE`	Login options: Specify either a single username (`-l`) or a file containing a list of usernames (`-L`).	`hydra -l admin ...` or `hydra -L usernames.txt ...`
`-p PASS` or `-P FILE`	Password options: Provide either a single password (`-p`) or a file containing a list of passwords (`-P`).	`hydra -p password123 ...` or `hydra -P passwords.txt ...`
`-t TASKS`	Tasks: Define the number of parallel tasks (threads) to run, potentially speeding up the attack.	`hydra -t 4 ...`
`-f`	Fast mode: Stop the attack after the first successful login is found.	`hydra -f ...`
`-s PORT`	Port: Specify a non-default port for the target service.	`hydra -s 2222 ...`
`-v` or `-V`	Verbose output: Display detailed information about the attack's progress, including attempts and results.	`hydra -v ...` or `hydra -V ...` (for even more verbosity)
`service://server`	Target: Specify the service (e.g., `ssh`, `http`, `ftp`) and the target server's address or hostname.	`hydra ssh://192.168.1.100`
`/OPT`	Service-specific options: Provide any additional options required by the target service.	`hydra http-get://example.com/login.php -m "POST:user=^USER^&pass=^PASS^"` (for HTTP form-based authentication)
### Hydra Services
Hydra Service	Service/Protocol	Description
---	---	---
ftp	File Transfer Protocol (FTP)	Used to brute-force login credentials for FTP services, commonly used to transfer files over a network.
ssh	Secure Shell (SSH)	Targets SSH services to brute-force credentials, commonly used for secure remote login to systems.
http-get/post	HTTP Web Services	Used to brute-force login credentials for HTTP web login forms using either GET or POST requests.
smtp	Simple Mail Transfer Protocol	Attacks email servers by brute-forcing login credentials for SMTP, commonly used to send emails.
pop3	Post Office Protocol (POP3)	Targets email retrieval services to brute-force credentials for POP3 login.
imap	Internet Message Access Protocol	Used to brute-force credentials for IMAP services, which allow users to access their email remotely.
mysql	MySQL Database	Attempts to brute-force login credentials for MySQL databases.
mssql	Microsoft SQL Server	Targets Microsoft SQL servers to brute-force database login credentials.
vnc	Virtual Network Computing (VNC)	Brute-forces VNC services, used for remote desktop access.
rdp	Remote Desktop Protocol (RDP)	Targets Microsoft RDP services for remote login brute-forcing.

Brute forcing HTTP Auth

if example.com uses basic http auth
- we have a usernames, passwords file
hydra -L usernames.txt -P passwords.txt www.example.com http-get

Brute forcing multiple SSH servers:

hydra -l root -p toor -M targets.txt ssh
- targets.txt contains the IP addresses

Testing FTP Credentials on a Non-Standard Port

hydra -L usernames.txt -P passwords.txt -s 2121 -V ftp.example.com ftp

hydra -l admin -P passwords.txt www.example.com http-post-form "/login:user=^USER^&pass=^PASS^:S=302"
- Look for a successful login indicated by the HTTP status code 302.
hydra -L /opt/SecLists/mine/top-usernames-shortlist.txt -P /opt/SecLists/mine/2023-200_most_used_passwords.txt 94.237.48.12 -s 51193 http-post-form "/:username=^USER^&password=^PASS^:F=Invalid Credentials"
- this will be on the root '/' page instead of a dedicated '/login' page.
- Look for a failure criteria "Invalid Credentials"

RDP brute force using Hydra

hydra -l administrator -x 6:8:abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 192.168.1.100 rdp
- test passwords between 6-8 char long from the given character set

Hydra

Basic Syntax

Brute forcing HTTP Auth

Brute forcing multiple SSH servers:

Testing FTP Credentials on a Non-Standard Port

Testing a web login

RDP brute force using Hydra