LinuxCommandLibrary

hydra

Brute-force password cracking of online services

TLDR

Start Hydra's wizard

$ hydra-wizard
copy

Guess SSH credentials using a given username and a list of passwords
$ hydra -l [username] -P [path/to/wordlist.txt] [host_ip] [ssh]
copy

Guess HTTPS webform credentials using two specific lists of usernames and passwords ("https_post_request" can be like "username=^USER^&password=^PASS^")
$ hydra -L [path/to/usernames.txt] -P [path/to/wordlist.txt] [host_ip] [https-post-form] "[url_without_host]:[https_post_request]:[login_failed_string]"
copy

Guess FTP credentials using usernames and passwords lists, specifying the number of threads
$ hydra -L [path/to/usernames.txt] -P [path/to/wordlist.txt] -t [n_tasks] [host_ip] [ftp]
copy

Guess MySQL credentials using a username and a passwords list, exiting when a username/password pair is found
$ hydra -l [username] -P [path/to/wordlist.txt] -f [host_ip] [mysql]
copy

Guess RDP credentials using a username and a passwords list, showing each attempt
$ hydra -l [username] -P [path/to/wordlist.txt] -V [rdp://host_ip]
copy

Guess IMAP credentials on a range of hosts using a list of colon-separated username/password pairs
$ hydra -C [path/to/username_password_pairs.txt] [imap://[host_range_cidr]]
copy

Guess POP3 credentials on a list of hosts using usernames and passwords lists, exiting when a username/password pair is found
$ hydra -L [path/to/usernames.txt] -P [path/to/wordlist.txt] -M [path/to/hosts.txt] -F [pop3]
copy

SYNOPSIS

hydra [options] [target]

PARAMETERS

-L FILE
    Use FILE as a list of usernames to try.

-l LOGIN
    Use LOGIN as the username to try.

-P FILE
    Use FILE as a list of passwords to try.

-p PASS
    Use PASS as the password to try.

-M FILE
    Use FILE as a list of targets to attack. One entry per line.

-s PORT
    Specify the port if the service is running on a non-default port.

-S
    Perform SSL connection.

-v
    Verbose mode, shows each login attempt.

-V
    Very verbose mode, shows even more information.

-t TASKS
    Run TASKS number of connections in parallel (default: 16).

-w TIME
    Maximum wait TIME (seconds) for connection (default: 30).

-f
    Exit after the first login is found (only one host is cracked).

-o FILE
    Write found login/password pairs to FILE.

-n HOSTNAME
    When the service asks for a hostname, e.g. for HTTP digest authentication.

-x MIN:MAX:CHARS
    Brute force password option. Generate passwords of MIN length to MAX length using CHARS. The CHARS options may be digits, upper- and lowercase letters and some special chars.
Example: -x 4:6:a-z0-9.

-e nsr
    Try "n" Null password, "s" same password as username, "r" reversed username

[protocol]://[target] [module options]
    The target URL including the protocol. Protocol options can be given using the -O parameter.

DESCRIPTION

Hydra is a parallelized login cracker which supports numerous protocols to perform brute-force attacks against a wide variety of services. It is a powerful tool for security professionals and penetration testers to identify weak or default credentials within systems. It leverages dictionaries of usernames and passwords to attempt authentication against targeted services, making it effective for discovering common security vulnerabilities. Hydra is highly configurable, allowing users to specify the target host, port, protocol, username/password lists, and various options for controlling the attack's intensity and behavior. This adaptability makes it suitable for a wide range of penetration testing scenarios.
Important: Use hydra responsibly and only on systems you have explicit permission to test. Unauthorized use is illegal.

CAVEATS

Hydra's effectiveness is heavily reliant on the quality of username and password lists.
It can generate a large amount of network traffic, potentially triggering intrusion detection systems (IDS).
Be aware of the legal implications of using hydra, as unauthorized penetration testing can have serious consequences.

SUPPORTED PROTOCOLS

Hydra supports a wide variety of protocols, including but not limited to:
ftp, smtp, pop3, imap, telnet, http(s) (get, post, head), smb, ssh, rdp, vnc, mysql, mssql, postgres, mongodb, oracle, ldap, nntp, snmp, socks5. The module specific options have to be given to the target URL using the -O parameter.

USAGE CONSIDERATIONS

Prioritize ethical and legal considerations when using hydra. Always obtain explicit permission before performing penetration testing on any system. Limit the attack rate to avoid causing denial-of-service conditions. Use strong password policies and multi-factor authentication to mitigate the risks of password cracking.

HISTORY

Hydra has been around since 2000 and has been under continuous development. It has evolved to support a wider variety of protocols and authentication mechanisms. Early versions were focused on exploiting simple vulnerabilities, but modern hydra can handle more complex authentication challenges like HTTP forms, HTTPS, and database authentication. Its widespread adoption in the security community highlights its effectiveness as a password cracking tool.

SEE ALSO

ncrack(1), medusa(1)

Copied to clipboard