ToolsFebruary 9, 20261 min readby 0xt0pus

Hydra

Network login brute-forcer supporting numerous protocols including SSH, FTP, HTTP, and SMB

#password-cracking#brute-force

Hydra

Description

Hydra is a fast and flexible online password brute forcing tool. It supports numerous protocols including SSH, FTP, HTTP, SMB, and more. It is used during the password attack phase of penetration testing.

Usage 1: SSH Brute Force

Command:

hydra -L users.txt -P passwords.txt ssh://192.168.12.23

Usage 2: SSH Brute Force with Single User and Password Across Multiple Servers

Command:

hydra -l david -p Spring2018 -M ssh_servers.txt ssh

Usage 3: HTTP POST Form Brute Force

Command:

hydra 192.168.0.93 http-post-form "/testcenter/wp-login.php:log=^USER^&pwd=^PASS^:ERROR" -L users.txt -P passwords.txt