Brute Force Attacks - Hydra

Hydra

Hydra is a brute-forcing tool that helps ethical hackers crack the passwords and gain access to different network services.

Hydra can perform fast dictionary attacks against many types of protocols. These include telnet, FTP, HTTPS,IMAP, SMB, POP databases, as well as many more!

How Can I Use It?

Firstly what flags and switches we can use with Hydra.

To start let's run the following command to display what we can use.

$ hydra -h

As shown at the bottom, Hydra displays a few examples for us. In this case I want to preform a single Username/Password Attack using Hydra.

To preform this attack I will be using the '-l' flag as well as the '-P' flag. The reason I chose to use the '-l' flag is that I already know the username, If for example I did not know the username I could use the '-L' flag and pass a dictionary with a list of possibly Usernames. To start I will run the following command:

$ hydra -l msfadmin -P password.lst 10.0.2.6 ftp

After we have executed this, If we have succesfully gained access, we should see something like this:

As we can see Hydra has outputted the results of the login: msfadmin and the password that used, which also was msfadmin.

We can now succesfully log into the machine via ftp.

Hashtags

#hacking #hacker #cybersecurity #ethicalhacking #hackers #linux #programming #hack #technology #kalilinux #security #coding #infosec #python #tech #hackingtools #ethicalhacker #pentesting #cyber #malware #programmer #computerscience #cybercrime #cyberattack #informationsecurity #hacked #anonymous #cybersecurityawareness #coder #java