Comprehensive Guide on Hydra – A Brute Forcing Tool

Today we are going to discuss – How much impact hydra has in cracking login credential of various protocols to make unauthorized access to a system remotely. In this article we have discussed each option available in hydra to make brute force attack in various scenario. 

Table of Content

• Introduction to hydra
• Multiple Feature of Hydra
• Password Guessing For Specific Username
• Username Guessing For Specific Password
• Cracking Login Credential
• Use Verbose or Debug Mode for Examining Brute Force
• NULL/Same as Login/Reverse login Attempt
• Save Output to Disk
• Resuming The Brute Force Attack
• Password Generating Using Various Set of Character
• Attacking on Specific Port Instead of Default
• Making Brute Force Attack on Multiple Host

Introduction to Hydra

Hydra is a parallelized login cracker which supports numerous protocols to attack. It is very fast and flexible, and new modules are easy to add. This tool makes it possible for researchers and security consultants to show how easy it would be to gain unauthorized access to a system remotely.

It supports: Cisco AAA, Cisco auth, Cisco enable, CVS, FTP, HTTP(S)-FORM-GET, HTTP(S)-FORM-POST, HTTP(S)-GET, HTTP(S)-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MySQL, NNTP, Oracle Listener, Oracle SID, PC-Anywhere, PC-NFS, POP3, PostgreSQL, RDP, Rexec, Rlogin, Rsh, SIP, SMB(NT), SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP

Full Article Read Here