# Disboard #
  • Reconnaissance
    • Quick Guide
    • Ports and Protocols
    • Passive Reconnaissance
    • Active Reconnaissance
  • Enumeration
    • Password Cracking
    • Hydra
    • Wireshark
    • Snort
    • Steganography
  • Web
    • OWASP Top 10
    • OWASP API
    • SQL Injection
      • Microsoft SQL Injection
    • Cross Site Scripting
    • Browser Vulnerabilities
    • Fuzzing
  • Linux
    • Privilege Escalation
    • Docker
    • Program Life Cycle
  • Windows
    • Privilege Escalation
    • Active Directory
    • Powershell
  • Event Logs
    • Sysmon
  • Exploitation
    • Shells
      • Upgrading Shells
    • Metasploit
      • Meterpreter
    • KOTH
    • Source Code Review
  • Hack the Box
    • ARCHETYPE
    • BASE
    • BASHED
    • EXPLORE
    • NIBBLES
  • Try Hack Me
    • ADVENTURE TIME
    • HACKFINITY
    • MOTHER'S SECRET
    • OFFSEC
    • POSTEXPLOIT
    • ROASTED
    • TEMPEST
    • TRAVERSE
  • CompTIA
    • Network
      • 1.0 Networking Fundamentals
      • 2.0 Network Implementations
      • 3.0 Network Operations
      • 4.0 Network Security
      • 5.0 Network Troubleshooting
    • PenTest
  • SIEM
    • Splunk
    • Elastic
  • Wireless
    • Wi-Fi Hacking
  • Other
    • PicoCTF
    • SSH Tunneling
    • Life Hacks
    • My Pokémon API
    • Github
Powered by GitBook
On this page
  • FTP
  • SSH
  • Web Form
  1. Enumeration

Hydra

Fast Network Logon Cracker

PreviousPassword CrackingNextWireshark

Last updated 11 months ago

Hydra supports the following:

  • Asterisk, Cisco, FTP, HTTP, HTTPS, ICQ, IMAP, IRC, LDAP, MEMCACHED, MONGODB, MS-SQL, MYSQL, NCP, NNTP, Oracle, PCNFS, POP3, POSTGRES, Radmin, RDP, RSH, RTSP, SMB, SMTP, SNMP, SSH, TS2, Telnet, VNC, etc.

FTP

hydra -l user -P passlist.txt ftp://$IP

SSH

hydra -l $USER -P $PASSLIST $IP -t 4 ssh

Option
Description

-l

specifies the username for login

-P

indicates a list of passwords

-t

sets the number of threads to spawn

Web Form

sudo hydra -l $USER -P $WORDLIST $IP http-post-form "$PATH:$CREDS:$INVALID"

Example: sudo hydra -l admin -P passlist.txt 10.10.10.10 http-post-form "/login.php:username=^USER^&password=^PASS^:incorrect" -V -f