Intro
THC Hydra is a brute force tool that is used to perform
attacks against a wide range of protocols. In this article I will use Hydra to
attack an FTP server.
Hydra is a brute force password cracker that uses dictionary
attacks (strings, passphrases, words) to guess a user’s login details.
Usage
To use Hydra, a username must be provided along with a
password list; Hydra tries each entry in the password list against the provided username. The
attacker can create a custom dictionary of passwords or can source one from
online.
The syntax for a basic Hydra attack is as follows:
hydra -l [user] -P [wordlist.file] [protocol]://[host IP]
- hydra to start the application
- -l to specify a username
- -P to specify the word list file for the passwords (lowercase -p takes a single password instead)
- Then the protocol being used (FTP in this case)
- And then the host IP address we are attacking (IP of the FTP server)
When the command is executed, Hydra iterates through the word list trying each password with the username provided. If a password is found, Hydra will display it back to the user.
hydra -l jimmy -P /usr/share/wordlists/metasploit/password.lst ftp://10.102.8.196
- The username is Jimmy
- The file path to the word list is /usr/share/wordlists/metasploit/password.lst
- The protocol is FTP
- The target IP address is 10.102.8.196
Once the attack has taken place, if successful the password will be returned to the user.
As we can see above highlighted in green, the username is Jimmy and the password is Acoustic.
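Seen from the FTP server, the attack above is a rapid run of failed logins for one username from one client address. The following is an added example, not part of the original article, that flags that pattern in vsftpd-style log lines; the log format, the sample lines, the client addresses and the function name find_bruteforce are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in vsftpd log style (assumed daemon; the article
# does not name one). Client addresses are documentation-range placeholders.
SAMPLE_LOG = """\
Mon Mar  4 10:15:01 2024 [pid 2101] [jimmy] FAIL LOGIN: Client "192.0.2.10"
Mon Mar  4 10:15:02 2024 [pid 2103] [jimmy] FAIL LOGIN: Client "192.0.2.10"
Mon Mar  4 10:15:02 2024 [pid 2105] [jimmy] FAIL LOGIN: Client "192.0.2.10"
Mon Mar  4 10:15:03 2024 [pid 2107] [alice] FAIL LOGIN: Client "192.0.2.77"
Mon Mar  4 10:15:04 2024 [pid 2109] [jimmy] FAIL LOGIN: Client "192.0.2.10"
Mon Mar  4 10:15:05 2024 [pid 2111] [jimmy] FAIL LOGIN: Client "192.0.2.10"
Mon Mar  4 10:15:09 2024 [pid 2113] [alice] OK LOGIN: Client "192.0.2.77"
Mon Mar  4 10:15:10 2024 [pid 2115] [jimmy] OK LOGIN: Client "192.0.2.10"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d+ [\d:]{8} \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]+)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"')

def find_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Flag (client, user) pairs with >= threshold failed logins inside window."""
    fails = defaultdict(list)  # (ip, user) -> timestamps of recent failures
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a login result line
        ts = datetime.strptime(" ".join(m["ts"].split()), "%a %b %d %H:%M:%S %Y")
        key = (m["ip"], m["user"])
        if m["result"] == "FAIL":
            # Keep only failures still inside the sliding window, then add this one.
            fails[key] = [t for t in fails[key] if ts - t <= window] + [ts]
            if len(fails[key]) >= threshold:
                alert = alerts.setdefault(key, {"failures": 0, "compromised": False})
                alert["failures"] = max(alert["failures"], len(fails[key]))
        elif key in alerts:
            # A success after a flagged burst suggests a guess worked:
            # treat the account as compromised and reset its password.
            alerts[key]["compromised"] = True
    return alerts

if __name__ == "__main__":
    for (ip, user), info in find_bruteforce(SAMPLE_LOG).items():
        print(f"{ip} -> {user}: {info}")
```

A flagged pair is a cue to rate-limit or block the client address, and a flagged pair marked compromised calls for an immediate password reset on that account.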