Situation
Hydra is a parallelized login cracker which supports numerous protocols to attack. It is very fast and flexible, and new modules are easy to add. This tool makes it possible for researchers and security consultants to show how easy it would be to gain unauthorized access to a system remotely.
It supports: Cisco AAA, Cisco auth, Cisco enable, CVS, FTP, HTTP(S)-FORM-GET, HTTP(S)-FORM-POST, HTTP(S)-GET, HTTP(S)-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MySQL, NNTP, Oracle Listener, Oracle SID, PC-Anywhere, PC-NFS, POP3, PostgreSQL, RDP, Rexec, Rlogin, Rsh, SIP, SMB(NT), SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.
Installed size: 956 KB
How to install: sudo apt install hydra
Solution
Step 1: Basic SSH Password Test
hydra -l username -p password ssh://192.168.1.100
- -l username: The username to test
- -p password: Single password to try
- ssh://IP: Target service and IP
Step 2: Test Multiple Passwords
hydra -l admin -P /usr/share/wordlists/rockyou.txt -t 4 ssh://192.168.1.100
- -P: Use password list file
- -t 4: Use 4 parallel connections (be gentle)
Step 3: Test Web Login
hydra -l admin -P passwords.txt 192.168.1.100 http-post-form "/login.php:username=^USER^&password=^PASS^:Login failed"
Reading Results
- Success: Shows valid username/password combo
- Failed: No valid credentials found
- Blocked: Target may have rate limiting
Creating a Small Password List
echo -e "password\n123456\nadmin\nletmein" > passwords.txt
Pro Tips for Beginners
- Start with small password lists
- Use low thread counts (-t 2 or -t 4)
- Test your own systems first
- Many systems will block you after failed attempts
Common Services to Test
- SSH: ssh://IP
- FTP: ftp://IP
- Web forms: http-post-form
- RDP: rdp://IP
What this teaches you
- Weak passwords are easily cracked
- Rate limiting helps prevent attacks
- Strong passwords are essential
- Multi-factor authentication is important.