
Beginner's guide to bruteforce attack

Hey guys!! In today's article we will see how the hydra tool can be used to find a password and gain unauthorized access to a system remotely. We will also look at the different options of the hydra tool.

Table of Contents :

  1. Introduction to bruteforce attack

  2. Introduction to hydra

  3. Syntax of hydra

  4. Cracking password (we know username)

  5. Cracking username (we know password)

  6. Finding both the credentials

  7. How it works

  8. nsr command option

  9. Save output to a file

  10. Attack on port number rather than default one

  11. xhydra

Introduction to bruteforce attack

In a bruteforce attack, an attacker submits many usernames and passwords in the hope of guessing the right combination. The attacker creates a list of common usernames and passwords and then tries different combinations until one works. You can make your own username and password lists, or you can find them in your Kali Linux OS in the folder:


Introduction to hydra

Hydra is a password cracking tool which supports multiple protocols such as SSH, FTP, MySQL, etc.

With the help of this tool an attacker can find the username and password and gain unauthorized access very easily.

Protocols Supported:

Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

Syntax of hydra

If we break down the syntax, in simple words we just have to provide the list of usernames and passwords and the port to attack.

In the above screenshot we can see that there are many command options that we can use with hydra.

Bruteforce password (we know username)

Let's consider a scenario where we know the username but we have to crack the password. So without thinking of any other utility, open up hydra.

I always recommend using rockyou.txt (a password list) for cracking the password.

In this case the username is "root" and we have used the rockyou.txt password list to guess the correct password, i.e. "987654321".

So the command is :

hydra -l root -P /usr/share/wordlists/rockyou.txt ssh

Bruteforce username (we know password)

Well, this scenario looks a little weird: we know the password but we don't know the username. No worries, hydra is here to help us find the right username for the corresponding password.

So the command will be:

hydra -L /root/user.txt -p 987654321 ssh

Bruteforce both username and password

In this scenario we don't have any idea about the username, or we decided to use a list of usernames and a list of passwords. Now hydra will try each username and password combination to find the valid one.

Command will be: hydra -L /root/user.txt -P /root/pass ssh
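From the defender's side, the combination attack described above shows up in the sshd auth log as a burst of failed logins from one source, usually across several usernames. The following is an added example, not part of the original article, that flags such sources; the log lines are constructed, and the threshold, window and assumed year are illustrative assumptions to tune for your environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd auth-log lines (addresses are from documentation ranges).
SAMPLE_LOG = """\
Jan 10 10:00:01 host sshd[101]: Failed password for root from 203.0.113.5 port 40001 ssh2
Jan 10 10:00:02 host sshd[102]: Failed password for invalid user admin from 203.0.113.5 port 40002 ssh2
Jan 10 10:00:03 host sshd[103]: Failed password for invalid user test from 203.0.113.5 port 40003 ssh2
Jan 10 10:00:04 host sshd[104]: Failed password for root from 203.0.113.5 port 40004 ssh2
Jan 10 10:00:05 host sshd[105]: Failed password for invalid user oracle from 203.0.113.5 port 40005 ssh2
Jan 10 10:02:00 host sshd[106]: Failed password for alice from 198.51.100.7 port 50001 ssh2
Jan 10 10:09:00 host sshd[107]: Accepted password for alice from 198.51.100.7 port 50002 ssh2
Jan 10 10:30:00 host sshd[108]: Failed password for alice from 198.51.100.7 port 50003 ssh2
"""

# Matches sshd's "Failed password" lines for both valid and invalid users.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def find_bruteforce(log_text, max_failures=5, window=timedelta(minutes=1), year=2024):
    """Return {ip: usernames tried} for every source with at least
    max_failures failed logins inside any sliding window of the given length."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            # Syslog timestamps carry no year, so one is assumed.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events[m["ip"]].append((ts, m["user"]))
    flagged = {}
    for ip, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Shrink the window from the left until it spans <= `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            if end - start + 1 >= max_failures:
                flagged[ip] = sorted({user for _, user in hits})
                break
    return flagged

if __name__ == "__main__":
    for ip, users in find_bruteforce(SAMPLE_LOG).items():
        print(f"{ip}: failed logins for {users}")
```

A source flagged this way is a candidate for rate limiting or blocking, and any "Accepted password" line from the same address afterwards deserves immediate review.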

How it works!

We can use the -V option along with the other options. -V enables verbose mode: with it we can see what is happening in the background, how many combinations there are, and which combination of username and password hydra used to crack the credentials.

Command used : hydra -V -L /root/user.txt -P /root/pass ssh

We can also use the -d option to enable debug mode so that we can see in more detail what's going on in the background.

Command used : hydra -d -V -L /root/user.txt -P /root/pass ssh

nsr command options

NULL/Same as login/Reverse Login

Enabling this parameter turns on 3 extra checks:

1. NULL password

2. Same as username

3. Reverse of username

Passwords of this kind are a real possibility.

As we can see in the below image:

1. Login : toor , pass : “toor”