mirror of https://github.com/CrimsonTome/tldr.git
38 lines
1.6 KiB
Markdown
38 lines
1.6 KiB
Markdown
# hydra
|
|
|
|
> Online password guessing tool.
|
|
> Protocols supported include FTP, HTTP(S), SMTP, SNMP, XMPP, SSH, and more.
|
|
> More information: <https://github.com/vanhauser-thc/thc-hydra>.
|
|
|
|
- Start Hydra's wizard:
|
|
|
|
`hydra-wizard`
|
|
|
|
- Guess SSH credentials using a given username and a list of passwords:
|
|
|
|
`hydra -l {{username}} -P {{path/to/wordlist.txt}} {{host_ip}} {{ssh}}`
|
|
|
|
- Guess HTTPS webform credentials using two specific lists of usernames and passwords ("https_post_request" can be like "username=^USER^&password=^PASS^"):
|
|
|
|
`hydra -L {{path/to/usernames.txt}} -P {{path/to/wordlist.txt}} {{host_ip}} {{https-post-form}} "{{url_without_host}}:{{https_post_request}}:{{login_failed_string}}"`
|
|
|
|
- Guess FTP credentials using usernames and passwords lists, specifying the number of threads:
|
|
|
|
`hydra -L {{path/to/usernames.txt}} -P {{path/to/wordlist.txt}} -t {{n_tasks}} {{host_ip}} {{ftp}}`
|
|
|
|
- Guess MySQL credentials using a username and a passwords list, exiting when a username/password pair is found:
|
|
|
|
`hydra -l {{username}} -P {{path/to/wordlist.txt}} -f {{host_ip}} {{mysql}}`
|
|
|
|
- Guess RDP credentials using a username and a passwords list, showing each attempt:
|
|
|
|
`hydra -l {{username}} -P {{path/to/wordlist.txt}} -V {{rdp://host_ip}}`
|
|
|
|
- Guess IMAP credentials on a range of hosts using a list of colon-separated username/password pairs:
|
|
|
|
`hydra -C {{path/to/username_password_pairs.txt}} {{imap://[host_range_cidr]}}`
|
|
|
|
- Guess POP3 credentials on a list of hosts using usernames and passwords lists, exiting when a username/password pair is found:
|
|
|
|
`hydra -L {{path/to/usernames.txt}} -P {{path/to/wordlist.txt}} -M {{path/to/hosts.txt}} -F {{pop3}}`
|