269 lines
9.5 KiB
HTML
269 lines
9.5 KiB
HTML
<!DOCTYPE html>
|
|
<html lang="en">
|
|
<head>
|
|
<meta charset="UTF-8">
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
|
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self'; style-src 'self'; font-src 'self' data:; img-src 'self' data:; connect-src 'self'; base-uri 'self'; form-action 'self' https://defcon.social https://bsky.app;">
|
|
<meta http-equiv="X-Content-Type-Options" content="nosniff">
|
|
<link rel="stylesheet" href="../assets/css/style.css">
|
|
<link rel="icon" type="image/x-icon" href="../favicon.ico">
|
|
<script>
|
|
(function() {
|
|
const theme = localStorage.getItem('theme') ||
|
|
(window.matchMedia && window.matchMedia('(prefers-color-scheme: dark)').matches ? 'dark' : 'light');
|
|
document.documentElement.setAttribute('data-theme', theme);
|
|
})();
|
|
</script>
|
|
<title>hydra Cheatsheet - Cheatsheets - Launch Pad</title>
|
|
</head>
|
|
<body>
|
|
<button class="theme-toggle" id="themeToggle" aria-label="Toggle dark mode">
|
|
<svg class="theme-icon theme-icon-moon" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1 1 11.21 3 7 7 0 0 0 21 12.79z"></path></svg>
|
|
<svg class="theme-icon theme-icon-sun" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" style="display: none;"><circle cx="12" cy="12" r="5"></circle><line x1="12" y1="1" x2="12" y2="3"></line><line x1="12" y1="21" x2="12" y2="23"></line><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"></line><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"></line><line x1="1" y1="12" x2="3" y2="12"></line><line x1="21" y1="12" x2="23" y2="12"></line><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"></line><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"></line></svg>
|
|
</button>
|
|
<br/><br/>
|
|
<div class="name">
|
|
__ _______________________ _________._________________________
|
|
\_ _____/ \______ \ / _ \ / _____/ / _____/ | | \_ _____/
|
|
| __) | _/ / /_\ \ / \ ___ / \ ___ | | | __)_
|
|
| \ | | \ / | \ \ \_\ \ \ \_\ \ | |___ | \
|
|
\___ / |____|_ / \____|__ / \______ / \______ / |_______ \ /_______ /
|
|
\/ \/ \/ \/ \/ \/ \/
|
|
</div>
|
|
<div class="blog-page-header">
|
|
<div class="blog-header-content">
|
|
<a href="/cheatsheets" class="back-link" title="Back to Cheatsheets">
|
|
<svg xmlns="http://www.w3.org/2000/svg" width="42" height="42" viewBox="0 0 24 24" class="home-icon"><path fill="currentColor" d="M10 20v-6h4v6h5v-8h3L12 3 2 12h3v8z"/></svg>
|
|
</a>
|
|
<h1 class="blog-page-title">hydra Cheatsheet</h1>
|
|
</div>
|
|
</div>
|
|
<div class="blog-post-container">
|
|
<div class="blog-posts-container" style="max-width: 900px; margin: 0 auto;">
|
|
<div class="blog-post">
|
|
<div class="blog-post-content">
|
|
<p><a href="index.html">← Back to cheatsheets</a></p>
|
|
<p><a href="../index.html">← Home</a></p>
|
|
<hr>
|
|
<p>hydra is a fast and flexible brute force authentication tool. It supports parallel attacks on many protocols including SSH, HTTP, FTP, SMB, and more.</p>
|
|
<hr>
|
|
<h2>Basic Syntax</h2>
|
|
<ul>
|
|
<li>hydra -l <user> -P <wordlist> <target> <service> - Basic brute force</li>
|
|
</ul>
|
|
<ul>
|
|
<li>hydra -L <userlist> -p <password> <target> <service> - User enumeration</li>
|
|
</ul>
|
|
<ul>
|
|
<li>hydra -L <userlist> -P <wordlist> <target> <service> - Full brute force</li>
|
|
</ul>
|
|
<hr>
|
|
<h2>Common Options</h2>
|
|
<ul>
|
|
<li>-l <login> - Single login name</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-L <file> - Login file (one per line)</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-p <password> - Single password</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-P <file> - Password file (one per line)</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-t <tasks> - Number of parallel tasks (default 16)</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-w <timeout> - Wait time between attempts (default 32)</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-f - Exit on first valid login</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-s <port> - Port number (if non-standard)</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-v - Verbose mode</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-V - Show login/password attempts</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-o <file> - Output file for found credentials</li>
|
|
</ul>
|
|
<hr>
|
|
<h2>SSH Brute Force</h2>
|
|
<ul>
|
|
<li>hydra -l <user> -P <wordlist> ssh://<target> - SSH attack</li>
|
|
</ul>
|
|
<ul>
|
|
<li>hydra -l <user> -P <wordlist> -s 2222 ssh://<target> - Custom SSH port</li>
|
|
</ul>
|
|
<ul>
|
|
<li>hydra -L users.txt -P passwords.txt ssh://<target> - Multiple users</li>
|
|
</ul>
|
|
<hr>
|
|
<h2>HTTP/HTTPS Brute Force</h2>
|
|
<ul>
|
|
<li>hydra -l <user> -P <wordlist> http-get://<target>/login - HTTP GET</li>
|
|
</ul>
|
|
<ul>
|
|
<li>hydra -l <user> -P <wordlist> http-post-form://<target>/login:"user=^USER^&pass=^PASS^":"F=incorrect" - POST form</li>
|
|
</ul>
|
|
<ul>
|
|
<li>hydra -l <user> -P <wordlist> https://<target>/login - HTTPS</li>
|
|
</ul>
|
|
<ul>
|
|
<li>hydra -L users.txt -P passwords.txt http-get://<target>/protected - HTTP basic auth</li>
|
|
</ul>
|
|
<hr>
|
|
<h2>FTP Brute Force</h2>
|
|
<ul>
|
|
<li>hydra -l <user> -P <wordlist> ftp://<target> - FTP attack</li>
|
|
</ul>
|
|
<ul>
|
|
<li>hydra -L users.txt -P passwords.txt ftp://<target> - Multiple users</li>
|
|
</ul>
|
|
<ul>
|
|
<li>hydra -l anonymous -P passwords.txt ftp://<target> - Anonymous FTP</li>
|
|
</ul>
|
|
<hr>
|
|
<h2>SMB Brute Force</h2>
|
|
<ul>
|
|
<li>hydra -l <user> -P <wordlist> smb://<target> - SMB attack</li>
|
|
</ul>
|
|
<ul>
|
|
<li>hydra -L users.txt -P passwords.txt smb://<target> - Multiple users</li>
|
|
</ul>
|
|
<ul>
|
|
<li>hydra -L users.txt -P passwords.txt smb://<target>/share - Specific share</li>
|
|
</ul>
|
|
<hr>
|
|
<h2>RDP Brute Force</h2>
|
|
<ul>
|
|
<li>hydra -l <user> -P <wordlist> rdp://<target> - RDP attack</li>
|
|
</ul>
|
|
<ul>
|
|
<li>hydra -L users.txt -P passwords.txt rdp://<target> - Multiple users</li>
|
|
</ul>
|
|
<hr>
|
|
<h2>MySQL Brute Force</h2>
|
|
<ul>
|
|
<li>hydra -l <user> -P <wordlist> mysql://<target> - MySQL attack</li>
|
|
</ul>
|
|
<ul>
|
|
<li>hydra -L users.txt -P passwords.txt mysql://<target> - Multiple users</li>
|
|
</ul>
|
|
<hr>
|
|
<h2>PostgreSQL Brute Force</h2>
|
|
<ul>
|
|
<li>hydra -l <user> -P <wordlist> postgresql://<target> - PostgreSQL attack</li>
|
|
</ul>
|
|
<ul>
|
|
<li>hydra -L users.txt -P passwords.txt postgresql://<target> - Multiple users</li>
|
|
</ul>
|
|
<hr>
|
|
<h2>VNC Brute Force</h2>
|
|
<ul>
|
|
<li>hydra -l <user> -P <wordlist> vnc://<target> - VNC attack</li>
|
|
</ul>
|
|
<ul>
|
|
<li>hydra -p <password> vnc://<target> - Password only (no user)</li>
|
|
</ul>
|
|
<hr>
|
|
<h2>Advanced Options</h2>
|
|
<ul>
|
|
<li>-e nsr - Try null password, same as login, reversed login</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-e n - Try null password</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-e s - Try same as login</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-e r - Try reversed login</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-M <file> - Target list file</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-C <file> - Colon-separated "login:pass" format</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-S - Use SSL</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-u - Loop around users, not passwords</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-x min:max:charset - Password generation (e.g., -x 6:8:aA1)</li>
|
|
</ul>
|
|
<hr>
|
|
<h2>Common Examples</h2>
|
|
<h3>SSH Attack</h3>
|
|
<pre><code>hydra -l root -P /usr/share/wordlists/rockyou.txt ssh://192.168.1.100</code></pre>
|
|
<h3>HTTP POST Form</h3>
|
|
<pre><code>hydra -l admin -P passwords.txt http-post-form://target.com/login.php:"user=^USER^&pass=^PASS^":"Invalid"</code></pre>
|
|
<h3>Multiple Users SSH</h3>
|
|
<pre><code>hydra -L users.txt -P passwords.txt -t 4 ssh://192.168.1.100</code></pre>
|
|
<h3>FTP Attack</h3>
|
|
<pre><code>hydra -L users.txt -P passwords.txt ftp://192.168.1.100</code></pre>
|
|
<h3>SMB Attack</h3>
|
|
<pre><code>hydra -L users.txt -P passwords.txt smb://192.168.1.100</code></pre>
|
|
<h3>RDP Attack</h3>
|
|
<pre><code>hydra -L users.txt -P passwords.txt rdp://192.168.1.100</code></pre>
|
|
<h3>MySQL Attack</h3>
|
|
<pre><code>hydra -l root -P passwords.txt mysql://192.168.1.100</code></pre>
|
|
<h3>VNC Attack</h3>
|
|
<pre><code>hydra -P passwords.txt vnc://192.168.1.100</code></pre>
|
|
<h3>Wordlist Generation</h3>
|
|
<pre><code>hydra -l admin -x 6:8:aA1 http-get://target.com/protected</code></pre>
|
|
<h3>Output to File</h3>
|
|
<pre><code>hydra -l admin -P passwords.txt -o results.txt ssh://192.168.1.100</code></pre>
|
|
<hr>
|
|
<h2>Tips</h2>
|
|
<ul>
|
|
<li>Use -t to adjust parallel tasks (higher = faster but more detectable)</li>
|
|
</ul>
|
|
<ul>
|
|
<li>Use -f to stop on first valid login</li>
|
|
</ul>
|
|
<ul>
|
|
<li>Use -e nsr to try common weak passwords</li>
|
|
</ul>
|
|
<ul>
|
|
<li>Use -V for verbose output to see attempts</li>
|
|
</ul>
|
|
<ul>
|
|
<li>Always test on authorized systems only</li>
|
|
</ul>
|
|
<ul>
|
|
<li>Lower -t value reduces detection but increases time</li>
|
|
</ul>
|
|
<ul>
|
|
<li>Use -x for password generation when no wordlist available</li>
|
|
</ul>
|
|
<ul>
|
|
<li>Combine -L and -P for comprehensive testing</li>
|
|
</ul>
|
|
<ul>
|
|
<li>Use -o to save results for documentation</li>
|
|
</ul>
|
|
<ul>
|
|
<li>HTTP POST forms require proper syntax: "field=^USER^&field2=^PASS^":"error message"</li>
|
|
</ul>
|
|
<hr>
|
|
<p><a href="index.html">← Back to cheatsheets</a></p>
|
|
<p><a href="../index.html">← Home</a></p>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<script async type="text/javascript" src="../blog/analytics.js"></script>
|
|
<script src="../theme.js"></script>
|
|
</body>
|
|
</html>
|
|
|