Crack passwords with hydra

THC-Hydra – A very fast network logon cracker which support many different services. See feature sets and services coverage page – incl. a speed comparison against ncrack and medusa.

Hydra options:

hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT] [-x MIN:MAX:CHARSET] [-SuvV46] [server service [OPT]]|[service://server[:PORT][/OPT]]
Options:
  -R        restore a previous aborted/crashed session
  -S        perform an SSL connect
  -s PORT   if the service is on a different default port, define it here
  -l LOGIN or -L FILE  login with LOGIN name, or load several logins from FILE
  -p PASS  or -P FILE  try password PASS, or load several passwords from FILE
  -x MIN:MAX:CHARSET  password bruteforce generation, type "-x -h" to get help
  -e nsr    try "n" null password, "s" login as pass and/or "r" reversed login
  -u        loop around users, not passwords (effective! implied with -x)
  -C FILE   colon separated "login:pass" format, instead of -L/-P options
  -M FILE   server list for parallel attacks, one entry per line
  -o FILE   write found login/password pairs to FILE instead of stdout
  -f        exit after the first found login/password pair (per host if -M)
  -t TASKS  run TASKS number of connects in parallel (default: 16)
  -w / -W TIME  waittime for responses (32s) / between connects per thread
  -4 / -6   prefer IPv4 (default) or IPv6 addresses
  -v / -V   verbose mode / show login+pass combination for each attempt
  -U        service module usage details
  server    the target server (use either this OR the -M option)
  service   the service to crack. Supported protocols: cisco cisco-enable 
cvs firebird ftp[s] http[s]-{head|get} http[s]-{get|post}-form http-proxy 
http-proxy-urlenum icq imap irc ldap2 ldap3[-{cram|digest}md5] mssql mysql 
ncp nntp oracle-listener oracle-sid pcanywhere pcnfs pop3 postgres rdp 
rexec rlogin rsh sip smb smtp smtp-enum snmp socks5 ssh svn teamspeak 
telnet vmauthd vnc xmpp
  OPT       some service modules need special input (use -U to see module help)

Examples:
Cracking ssh passwords (try all the combinations of usernames and passwords) with Hydra:

hydra -L [usernames_file] -P [passwords_file] -e ns -t 10 -f -s  [ip_address] ssh2

Cracking ftp passwords in BackTrack with Hydra:

hydra -l  -P /pentest/passwords/wordlists/darkc0de.lst -e ns -f -vV [ip_address] ftp
%d bloggers like this: