Beginners guide to bruteforce attack

Hey guys!! In today’s article we will see how we can use hydra tool to find the password to gain unauthorized access to a system remotely. In this article we will see different options of hydra tool.


Table of Contents :


  1. Introduction to bruteforce attack

  2. Introduction to hydra

  3. Syntax of hydra

  4. Cracking password (we know username)

  5. Cracking username (we know password)

  6. Finding both the credentials

  7. How it works

  8. nsr command option

  9. Save output to a file

  10. Attack on port number rather than default one

  11. xyhdra


Introduction to bruteforce attack

In bruteforce attack an attacker submits many username and password with the hope of guessing the right combination.The attacker creates a list of common username and password and then try different combinations to guess the right combination.You can make your own username and password list or you can find it in your Kali Linux OS in the folder:

/usr/share/wordlists/


Introduction to hydra


Hydra is password cracking tool which supports multiple protocols like ssh,ftp,mysql etc...

With the help of this tool an attacker can easily find the password and username and can gain unauthorized access very easily.


Protocols Supported:


Asterisk,AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP,  HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.


Syntax of hydra

If we try to break down the syntax ,then in simple words we can say that we just have to provide the list of username and password and the port to attack on!

In the above screenshot we can see that there are many command options that we can use with hydra


Bruteforce password (we know username)

Let’s consider a scenario where we know the username but we have to crack the password . So without thinking of any other utility open up hydra.

I always recommend to use rockyou.txt (password list) for cracking the password


In this case username is “root” and we have used rockyou.txt password list to guess the correct password i.e. “987654321”

So the command is :

hydra -l root -P /usr/share/wordlists/rockyou.txt 192.168.43.8 ssh


Bruteforce username (we know password)


Well this scenario looks a little weird where you the know the password but we don’t know the username,but no worries hydra is here to help us out in finding the right username for the corresponding password.

So the command will be:


hydra -L /root/user.txt -p 987654321 192.168.43.8 ssh


Bruteforce both username and password

In this scenario we don’t have any idea about the username or password.so we decided to choose a list of username and password.Now hydra will try each username and password combination to found the valid one.

Command will be: hydra -L /root/user.txt -P /root/pass 192.168.43.8 ssh

How it works!


We can use -V command options along with other options. -V option enables the debug mode or we can say with the help of -V we can see what is happening in the background and we can also see how many combinations are thereand what combination of username and password hydra has used to crack the credentials.

Command used : hydra -V -L /root/user.txt -P /root/pass 192.168.43.8 ssh

We can also use -d command options to enable the debug mode so that we can see in more detail what’s going on in the background.

Command used : hydra -d -V -L /root/user.txt -P /root/pass 192.168.43.8 ssh


nsr command options

NULL/Same as login/Reverse Login

By enabling this parameter we enable 3 options

1. NULL password

2. Same as username

3. Reverse of username

There can be a possibility of such kind of passwords.

As we can see in the below image:

1. Login : toor , pass : “toor”

2. Login : toor , pass : “”

3. Login : toor , pass : “root”

Save output to a file


We can save the output in a file,we just have to provide the exact path where we want to save the output.We save the output for future reference and for our record maintenance

Command used :

hydra -V -e nsr -L /root/user.txt -P /root/pass 192.168.43.8 ssh -o /root/Desktop/output


Bruteforce Attack on port number rather than default one

Due to security reasons there are chances that admin changes the

default port . Default port number is 22 but admin has changed it to something else . Now how you will apply bruteforce approach beacuse by default hydra attacks on port number 22 if it is SSH .


In this particular case ssh is now on port 60000 so now we will use hydra again in the same way but with a extra parameter and that is { -s }

-s specify the port number.

So command will be :

hydra -l root -P /root/pass -s 60000 192.168.43.8 ssh


Xhydra


Xhydra is same as hydra . hydra is CLI based tool whereas xhydra is a GUI based tool. Both works in same fashion.if you are a beginner in this field and it’s hard for you to remember the commands then you can use xydra very easily.


Just check in the options that you want to enable and set all the fields by providing the right information and then go to start tab to start the attack.

To set the password/password list please go to the Password tab .


So this was all about Bruteforce attack using hydra and xhydra.

Subscribe to HacLabs newsletter

Get priority notification on the release of the latest articles.

  • YouTube
  • Twitter
  • Instagram
  • Linkedin

© 2020 by HacLabs.