How to use the command "hydra" (with examples)
Hydra is an online password guessing tool that can be used to brute-force cybersecurity protocols such as FTP, HTTP(S), SMTP, SNMP, XMPP, SSH, and more. It is a powerful tool for penetration testing, allowing users to test the strength of their passwords and identify vulnerabilities in their systems.
Use case 1: Start Hydra’s wizard
Code:
hydra-wizard
Motivation: Starting Hydra’s wizard is useful for beginners who are not familiar with the command-line interface or the parameters required to run Hydra. The wizard provides a step-by-step guide for configuring the necessary options to perform password guessing attacks.
Explanation: The command “hydra-wizard” launches the wizard interface for Hydra. The wizard prompts the user to enter the required parameters, such as the target’s IP address, port, and the protocol to attack. It then guides the user through selecting the appropriate options based on the chosen protocol.
Example Output: The output of the hydra-wizard command will be a series of prompts guiding the user through the process of configuring the attack. Each prompt will require input from the user, such as the target’s IP address, port, and the protocol to attack.
Use case 2: Guess SSH credentials using a given username and a list of passwords
Code:
hydra -l username -P path/to/wordlist.txt host_ip ssh
Motivation: This use case is helpful when you have a specific username and want to try multiple passwords from a wordlist to gain unauthorized access to an SSH server. It can be used for security auditing or to test the strength of the SSH password.
Explanation:
hydra
: The command to run Hydra.-l username
: Specifies the username to be used for the SSH login attempt.-P path/to/wordlist.txt
: Specifies the path to the wordlist file that contains passwords to be tested.host_ip
: Specifies the IP address of the target host.ssh
: Specifies the protocol to attack, in this case, SSH.
Example Output: Hydra will display the results of each attempt, indicating whether the attempt was successful or not.
Use case 3: Guess HTTPS webform credentials using two specific lists of usernames and passwords
Code:
hydra -L path/to/usernames.txt -P path/to/wordlist.txt host_ip https-post-form "url_without_host:https_post_request:login_failed_string"
Motivation: This use case is helpful when you want to guess credentials for an HTTPS webform that uses POST requests. It allows you to try different combinations of usernames and passwords to gain unauthorized access to the webform.
Explanation:
hydra
: The command to run Hydra.-L path/to/usernames.txt
: Specifies the path to the file that contains a list of usernames to be tested.-P path/to/wordlist.txt
: Specifies the path to the wordlist file that contains passwords to be tested.host_ip
: Specifies the IP address of the target host.https-post-form
: Specifies the protocol and the type of webform attack to use."url_without_host:https_post_request:login_failed_string"
: Specifies the URL of the webform without the host, the structure of the POST request, and a string indicating a failed login attempt.
Example Output: Hydra will display the results of each attempt, indicating whether the attempt was successful or not. It may also show any error messages or warnings encountered during the attack.
Use case 4: Guess FTP credentials using usernames and passwords lists, specifying the number of threads
Code:
hydra -L path/to/usernames.txt -P path/to/wordlist.txt -t n_tasks host_ip ftp
Motivation: This use case allows you to guess FTP credentials by trying different combinations of usernames and passwords. By specifying the number of threads, you can speed up the password guessing process and potentially find valid login credentials more quickly.
Explanation:
hydra
: The command to run Hydra.-L path/to/usernames.txt
: Specifies the path to the file that contains a list of usernames to be tested.-P path/to/wordlist.txt
: Specifies the path to the wordlist file that contains passwords to be tested.-t n_tasks
: Specifies the number of threads to be used for the attack. More threads can speed up the attack but may also increase the load on the target host.host_ip
: Specifies the IP address of the target FTP server.ftp
: Specifies the protocol to attack, in this case, FTP.
Example Output: Hydra will display the results of each attempt, indicating whether the attempt was successful or not.
Use case 5: Guess MySQL credentials using a username and a passwords list, exiting when a username/password pair is found
Code:
hydra -l username -P path/to/wordlist.txt -f host_ip mysql
Motivation: This use case is helpful when you already know the username for a MySQL server and want to guess the password using a wordlist. By using the -f
option, Hydra will exit as soon as it finds a valid username/password pair.
Explanation:
hydra
: The command to run Hydra.-l username
: Specifies the username to be used for the MySQL login attempt.-P path/to/wordlist.txt
: Specifies the path to the wordlist file that contains passwords to be tested.-f
: Specifies that Hydra should exit as soon as it finds a valid username/password pair.host_ip
: Specifies the IP address of the target MySQL server.mysql
: Specifies the protocol to attack, in this case, MySQL.
Example Output: Hydra will display the results of each attempt, indicating whether the attempt was successful or not. If Hydra finds a valid username/password pair, it will exit and display the credentials.
Use case 6: Guess RDP credentials using a username and a passwords list, showing each attempt
Code:
hydra -l username -P path/to/wordlist.txt -V rdp://host_ip
Motivation: This use case is useful when you want to guess RDP credentials by trying different combinations of usernames and passwords. By using the -V
option, Hydra will display each attempt, allowing you to monitor the progress of the attack.
Explanation:
hydra
: The command to run Hydra.-l username
: Specifies the username to be used for the RDP login attempt.-P path/to/wordlist.txt
: Specifies the path to the wordlist file that contains passwords to be tested.-V
: Specifies that Hydra should display each attempt, allowing you to monitor the progress of the attack.rdp://host_ip
: Specifies the protocol (RDP) and the IP address of the target RDP server.
Example Output: Hydra will display the results of each attempt, indicating whether the attempt was successful or not. It will also display the credentials used for each attempt.
Use case 7: Guess IMAP credentials on a range of hosts using a list of colon-separated username/password pairs
Code:
hydra -C path/to/username_password_pairs.txt imap://[host_range_cidr]
Motivation: This use case allows you to guess IMAP credentials on a range of hosts by trying different combinations of usernames and passwords. By using a list of colon-separated username/password pairs, you can test multiple credentials in parallel.
Explanation:
hydra
: The command to run Hydra.-C path/to/username_password_pairs.txt
: Specifies the path to the file that contains a list of colon-separated username/password pairs to be tested.imap://[host_range_cidr]
: Specifies the protocol (IMAP) and the range of hosts to attack in CIDR notation.
Example Output: Hydra will display the results of each attempt, indicating whether the attempt was successful or not.
Use case 8: Guess POP3 credentials on a list of hosts using usernames and passwords lists, exiting when a username/password pair is found
Code:
hydra -L path/to/usernames.txt -P path/to/wordlist.txt -M path/to/hosts.txt -F pop3
Motivation: This use case is helpful when you want to guess POP3 credentials on a list of hosts using different combinations of usernames and passwords. By using the -F
option, Hydra will exit as soon as it finds a valid username/password pair on any of the specified hosts.
Explanation:
hydra
: The command to run Hydra.-L path/to/usernames.txt
: Specifies the path to the file that contains a list of usernames to be tested.-P path/to/wordlist.txt
: Specifies the path to the wordlist file that contains passwords to be tested.-M path/to/hosts.txt
: Specifies the path to the file that contains a list of hosts to attack.-F
: Specifies that Hydra should exit as soon as it finds a valid username/password pair on any of the specified hosts.pop3
: Specifies the protocol to attack, in this case, POP3.
Example Output: Hydra will display the results of each attempt, indicating whether the attempt was successful or not. If Hydra finds a valid username/password pair on any of the specified hosts, it will exit and display the credentials.
Conclusion:
Hydra is a powerful tool for performing online password guessing attacks on various protocols. Each use case illustrated above demonstrates the flexibility and versatility of the Hydra command. From simple SSH password guessing to complex webform attacks, Hydra provides a comprehensive set of features to test the strength of passwords and identify vulnerabilities in systems.