• Subscribe to the low volume list for updates.

ToolsJune 16, 2011

Hydra Password Brute Force

THC Hydra examples for brute forcing passwords

Hydra continues to be a recognised and widely used method for brute force attacks for password cracking. The tool supports many protocols, a few of which are SSH, SMTP, IMAP, MONGODB, CISCO AAA, VNC, RDP amongst many others.

From the command line the basic syntax structure for brute forcing logins with username and/or passwords is as follows:

$ hydra -l username -P wordlist protocol host

this could look like this:

$ hydra -l admin -P wordlist /user/share/wordlists/rockyou.txt 10.10.10.10 ssh

or the same search using :// option

$ hydra -l admin -P wordlist /user/share/wordlists/rockyou.txt ssh://10.10.10.10
The latest version of Hydra as at the time of this article is Hydra 9.4 released in Sept 2022.

Related Posts

DirBuster – Brute force a web server for interesting things

August 27, 2009

WPScan Install on Ubuntu

November 6, 2013

Two factor (2FA) SSH with Google Authenticator

December 28, 2018

List all IPs in Subnet with Nmap

May 17, 2014