#CoolTools for hackers! Brute-force attack with hydra

in Account Booster 👍3 years ago

image.png

Today I am going to show you how to brute-force the user and password of a server using a tool called "Hydra".
Sometimes, the servers' admins use weak (or standard) passwords which can be easily breached using different kind of tools. As trying to log on as a user manually can be so tedious, smart people give us tools which can help (THANK YOU!).
Now let´s talk about hydra. Hydra is a pre-installed tool in Kali Linux used to brute-force username and password to different services such as ftp, ssh, telnet, MS-SQL etc. Brute-force can be used as a technique to try different usernames and passwords against a target to identify correct credentials.
If you don´t have it installed, you can download using this command sudo apt-get install hydra-gtk.
Once it is installed, you may use a wordlist for the user and another one for the password. You can find some examples here:
https://github.com/jeanphorn/wordlist/blob/master/usernames.txt
https://github.com/jeanphorn/wordlist
Or just make your own personalized one!
Now let´s start using hydra. I will show you an example where I could crack the user and password for a ssh host and all the parameters I defined.
hydra -L users.txt -P passwords.txt ssh://192.168.0.24 -o contrasenia.txt -f -t 8

  • -L users.txt: users.txt is the file used to load several logins from.
  • -P passwords.txt: here you are specifying the file where hydra will load passwords.
  • ssh://192.168.0.24: the port and the IP where you want to connect.
  • -o contrasenia.txt: file where the program will store the output.
  • -f: exit when a login/pass pair is found
  • -t 8: run 8 tasks connections in parallel (default is 16).
    This can take a long time depending on the size of your user and password files but, once it finishes, you can check if it was worth it!
    For my example this is the result (in console).

image.png

And this is the stored outpud in contrasenia.txt
image.png

I hope this post can be useful for you. Always use this kind of tools at your own risk and ONLY with learning purposes.
Have a nice weekend stemians!

#hacking #pentest #pentesting #steemit #tool #linux
3 years ago in Account Booster 👍 by
$0.13
  • Past Payouts $0.13, 0.00 TRX
  • - Author $0.06, 0.00 TRX
  • - Curators $0.06, 0.00 TRX
18 votes
Reply 0

Coin Marketplace

STEEM 0.24
TRX 0.11
JST 0.029
BTC 69188.87
ETH 3670.63
USDT 1.00
SBD 3.24