Hydra (better known as “thc-hydra”) is an online password attack tool. It brute-forces credential combinations against live services such as Telnet, SSH, HTTP, HTTPS, SMB, SNMP, and SMTP. Hydra supports 30+ protocols, including their SSL-enabled variants, and runs against the services we specify using user lists and wordlists. It is available for various platforms including Linux, Windows/Cygwin, Solaris 11, FreeBSD 8.1, OpenBSD, OSX and QNX/Blackberry. Hydra works in 4 modes:
- One username & one password
- User-list & One password
- One username & Password list
- User-list & Password list
Install Hydra on Linux, from repositories
If you don’t mind which version you get, or don’t need the features of the newest version, you can install Hydra from the repositories on Debian 9.
sudo apt-get install hydra-gtk
This installs the command line version along with the front end GUI.
Pentesters use this tool to test and audit the password complexity of live services, mostly where direct sniffing is not possible. This tutorial covers the tool's GUI, which is organised into the following tabs:
- Target – Settings for the various target options.
- Passwords – Specify password options and wordlists.
- Tuning – Specify how fast Hydra should work. Other timing options are also available.
- Specific – For testing on specific targets like a domain, HTTPS proxy, etc.
- Start – Starts/stops the run and shows the output.
Breaking SSH with a wordlist attack – Hydra
Step 1: First, open xHydra (in Kali Linux, go to Applications > Password Attacks to find xhydra), or open a terminal and type xhydra.
We try to break SSH authentication on a remote host with the IP address 192.168.0.78. Here we run a wordlist attack, using a wordlist of the most common passwords, to break into the root account.
Step 2: Set the target and protocol in the Target tab (here 192.168.0.78; use your own target).
Step 3: Set the username to root and specify the location of a wordlist in the Passwords tab.
Note: Kali Linux comes with built-in wordlists. Search for them from a terminal with the command below (the quotes stop the shell from expanding the pattern before locate sees it).
command: locate '*.lst'
Larger wordlists, ranging up to 3GB or more, are available on the internet. Just google for 5 minutes.
Step 4: Set the number of tasks to 1 in the Tuning tab, since this reduces congestion and the chance of detection, although the run takes longer to complete. This is also necessary to mitigate the account lockout duration.
Step 5: Start thc-hydra from the Start tab.
Step 6: Scroll down and wait until the password gets cracked.
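The following Python example is added here and is not part of the original tutorial: it counts failed SSH password attempts per source and user over a long sliding window, which is how a slow one-task run like the one in Step 4 still shows up in the target's sshd log. The log lines, the hostname, the source address 192.168.0.50, the year and the threshold and window values are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sshd log lines (not from a real host): one source
# guessing root's password every 20 seconds, then logging in.
SAMPLE_LOG = """\
Mar 13 10:00:00 srv sshd[811]: Failed password for root from 192.168.0.50 port 40112 ssh2
Mar 13 10:00:20 srv sshd[812]: Failed password for root from 192.168.0.50 port 40114 ssh2
Mar 13 10:00:40 srv sshd[813]: Failed password for root from 192.168.0.50 port 40116 ssh2
Mar 13 10:01:00 srv sshd[814]: Failed password for root from 192.168.0.50 port 40118 ssh2
Mar 13 10:01:20 srv sshd[815]: Failed password for root from 192.168.0.50 port 40120 ssh2
Mar 13 10:01:40 srv sshd[816]: Failed password for root from 192.168.0.50 port 40122 ssh2
Mar 13 10:02:00 srv sshd[817]: Accepted password for root from 192.168.0.50 port 40124 ssh2
Mar 13 10:05:00 srv sshd[820]: Failed password for alice from 192.168.0.21 port 51000 ssh2
Mar 13 10:05:09 srv sshd[821]: Accepted password for alice from 192.168.0.21 port 51002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+")

def parse(log, year=2024):
    """Yield (timestamp, result, user, source) for sshd password events."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:  # syslog timestamps carry no year, so one is assumed
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["result"], m["user"], m["src"]

def detect_guessing(log, threshold=5, window=timedelta(hours=1)):
    """Alert on (source, user) pairs with >= threshold failures in the window."""
    failures, alerts = defaultdict(list), {}
    for ts, result, user, src in parse(log):
        key = (src, user)
        if result == "Failed":
            failures[key] = [t for t in failures[key] if ts - t <= window] + [ts]
            if len(failures[key]) >= threshold:
                alert = alerts.setdefault(key, {"failures": 0, "compromised": False})
                alert["failures"] = max(alert["failures"], len(failures[key]))
        elif key in alerts:  # a success after a flagged run of failures
            alerts[key]["compromised"] = True
    return alerts

if __name__ == "__main__":
    for (src, user), info in detect_guessing(SAMPLE_LOG).items():
        print(f"{src} -> {user}: {info}")
```

On a Debian host the input would be the contents of /var/log/auth.log; a window of seconds instead of an hour misses this pattern entirely, so size it against the lockout policy rather than against fast multi-task runs.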
If you are facing any issues, feel free to comment here, thanks.