HYDRA - Command Overview: Difference between revisions
Created page with "Category:Wiki == Basic Syntax == The general syntax for Hydra is as follows: <nowiki> hydra [options] <target> <protocol> <username list> <password list></nowiki> - `[options]`: Various flags or settings to adjust the attack. - `<target>`: The IP address or hostname of the target system. - `<protocol>`: The protocol to attack, such as ftp, ssh, http, etc. - `<username list>`: A file containing a list of usernames to attempt. - `<password list>`: A file containing..." |
m Text replacement - "Category:Wiki" to "Category:Wiki '''''[https://it-arts.net/index.php/Category:Wiki Return to Wiki Index]''''' " |
||
| Line 1: | Line 1: | ||
[[Category:Wiki]] | [[Category:Wiki]] | ||
'''''[https://it-arts.net/index.php/Category:Wiki Return to Wiki Index]''''' | |||
== Basic Syntax == | == Basic Syntax == | ||
Latest revision as of 08:14, 17 January 2026
Basic Syntax
The general syntax for Hydra is as follows:
hydra [options] <target> <protocol> <username list> <password list>
- `[options]`: Various flags or settings to adjust the attack. - `<target>`: The IP address or hostname of the target system. - `<protocol>`: The protocol to attack, such as ftp, ssh, http, etc. - `<username list>`: A file containing a list of usernames to attempt. - `<password list>`: A file containing a list of passwords to try.
Common Usage Examples
SSH Brute Force
To perform a brute-force attack on an SSH server using a list of usernames and passwords, you would use the following command:
hydra -l user -P /path/to/passwordlist.txt ssh://<target_ip>
This command will attempt to log in to the SSH server at `<target_ip>` using the username `user` and all passwords from the specified password list.
HTTP Form Brute Force
To attack an HTTP form (such as a login page) using a dictionary attack on the login form, you can use:
hydra -l admin -P /path/to/passwordlist.txt http-get://<target_ip>/login.php
This example tries to log in as `admin` using each password in the password list on the HTTP login form located at `/login.php`.
FTP Brute Force
To perform a brute-force attack on an FTP server:
hydra -l user -P /path/to/passwordlist.txt ftp://<target_ip>
This will attempt to log into the FTP server at `<target_ip>` using the username `user` and each password from the list.
Useful Options
Hydra provides a wide range of options to customize the attack.
- `-l <username>`: Specify a single username.
- `-L <username_list>`: Specify a file containing a list of usernames.
- `-p <password>`: Specify a single password.
- `-P <password_list>`: Specify a file containing a list of passwords.
- `-t <number>`: Set the number of parallel tasks (default is 16).
- `-vV`: Enable verbose mode to display each attempt.
- `-f`: Exit after the first valid login is found.
- `-s <port>`: Specify the port number if the service is running on a non-standard port.
Example of using parallel tasks:
hydra -L users.txt -P passlist.txt -t 64 ftp://<target_ip>
This command will attempt login with the username list `users.txt` and password list `passlist.txt`, while using 64 parallel tasks for faster execution.
