Beginners guide to bruteforce attack
Hey guys!! In today’s article we will see how the hydra tool can be used to find a password and gain unauthorized access to a system remotely. We will also look at the different options of the hydra tool.
Table of Contents :
Introduction to bruteforce attack
Introduction to hydra
Syntax of hydra
Cracking password (we know username)
Cracking username (we know password)
Finding both the credentials
How it works
nsr command option
Save output to a file
Attack on port number rather than default one
xhydra
Introduction to bruteforce attack
In a bruteforce attack, an attacker submits many usernames and passwords in the hope of guessing the right combination. The attacker creates a list of common usernames and passwords and then tries different combinations until one of them works. You can make your own username and password lists, or you can find some in your Kali Linux OS in the folder:
/usr/share/wordlists/

Introduction to hydra
Hydra is a password cracking tool which supports multiple protocols like ssh, ftp, mysql etc.
With the help of this tool an attacker can easily find the username and password and gain unauthorized access.
Protocols Supported:
Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.
Syntax of hydra

If we break down the syntax, in simple words we just have to provide the list of usernames and passwords and the port to attack.
In the above screenshot we can see that there are many command options that we can use with hydra.
Bruteforce password (we know username)
Let’s consider a scenario where we know the username but we have to crack the password. So without thinking of any other utility, open up hydra.
I always recommend using rockyou.txt (password list) for cracking the password.

In this case the username is “root” and we have used the rockyou.txt password list to guess the correct password, i.e. “987654321”.
So the command is:
hydra -l root -P /usr/share/wordlists/rockyou.txt 192.168.43.8 ssh
Bruteforce username (we know password)
Well, this scenario looks a little weird: we know the password but we don’t know the username. No worries, hydra is here to help us find the right username for the corresponding password.
So the command will be:

hydra -L /root/user.txt -p 987654321 192.168.43.8 ssh
Bruteforce both username and password
In this scenario we don’t have any idea about the username or the password, so we choose a list of usernames and a list of passwords. Hydra will now try each username and password combination to find the valid one.
Command will be: hydra -L /root/user.txt -P /root/pass 192.168.43.8 ssh
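Seen from the defending side, each of the three scenarios above leaves a recognisable trail in the target's sshd log. The Python below is an added example, not part of the original article; the log lines are constructed, and the threshold of 3 and the pattern labels are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sshd auth-log lines (documentation IP ranges, not real hosts).
SAMPLE_LOG = """\
Jan 10 10:00:01 srv sshd[101]: Failed password for root from 192.0.2.10 port 40001 ssh2
Jan 10 10:00:02 srv sshd[102]: Failed password for root from 192.0.2.10 port 40002 ssh2
Jan 10 10:00:03 srv sshd[103]: Failed password for root from 192.0.2.10 port 40003 ssh2
Jan 10 10:00:04 srv sshd[104]: Accepted password for root from 192.0.2.10 port 40004 ssh2
Jan 10 10:05:01 srv sshd[201]: Failed password for invalid user admin from 198.51.100.7 port 50001 ssh2
Jan 10 10:05:02 srv sshd[202]: Failed password for invalid user test from 198.51.100.7 port 50002 ssh2
Jan 10 10:05:03 srv sshd[203]: Failed password for guest from 198.51.100.7 port 50003 ssh2
Jan 10 10:07:01 srv sshd[301]: Failed password for admin from 203.0.113.99 port 55001 ssh2
Jan 10 10:07:02 srv sshd[302]: Failed password for admin from 203.0.113.99 port 55002 ssh2
Jan 10 10:07:03 srv sshd[303]: Failed password for test from 203.0.113.99 port 55003 ssh2
Jan 10 10:09:01 srv sshd[401]: Failed password for alice from 203.0.113.5 port 60001 ssh2
Jan 10 10:09:09 srv sshd[402]: Accepted password for alice from 203.0.113.5 port 60002 ssh2
"""

FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED = re.compile(r"Accepted password for (\S+) from (\S+) port")

def analyse(log_text, threshold=3):
    """Report source IPs with >= threshold failed logins and the guessing pattern."""
    fails = defaultdict(list)  # ip -> usernames of failed attempts, in order
    hits = defaultdict(set)    # ip -> accounts logged in after >= threshold failures
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            fails[m.group(2)].append(m.group(1))
            continue
        m = ACCEPTED.search(line)
        if m and len(fails[m.group(2)]) >= threshold:
            hits[m.group(2)].add(m.group(1))
    report = {}
    for ip, users in fails.items():
        if len(users) < threshold:
            continue  # a single typo by a legitimate user is not flagged
        distinct = set(users)
        if len(distinct) == 1:
            pattern = "one account, many passwords"
        elif len(distinct) == len(users):
            pattern = "many accounts, one attempt each"
        else:
            pattern = "user list x password list"
        report[ip] = {"failures": len(users), "pattern": pattern,
                      "logged_in_as": sorted(hits[ip])}
    return report
```

A non-empty logged_in_as entry is the line to act on first: it means a guess succeeded and the account should be treated as compromised.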

How it works!
We can use the -V command option along with other options. The -V option enables the debug mode, or in other words, with the help of -V we can see what is happening in the background. We can also see how many combinations there are and which combination of username and password hydra used to crack the credentials.

Command used : hydra -V -L /root/user.txt -P /root/pass 192.168.43.8 ssh
We can also use the -d command option to enable the debug mode so that we can see in more detail what’s going on in the background.
Command used : hydra -d -V -L /root/user.txt -P /root/pass 192.168.43.8 ssh

nsr command options
NULL/Same as login/Reverse Login
By enabling this parameter we enable 3 options:
1. NULL password
2. Same as username
3. Reverse of username
Passwords of this kind are a real possibility.
As we can see in the image below:
1. Login : toor , pass : “toor”