How To Use Hydra-GTK – Bruteforce Online Password (Website,SSH,Port)

Hydra (better known as “thc-hydra”) is an online password attack tool. It brute forces various combinations on live services like telnet, ssh, HTTP, https, smb, SNMP, SMTP, etc. Hydra supports 30+ protocols including their SSL enabled ones. It brute forces on services we specify by using user-lists & wordlists. It is available for various platforms including Linux, Windows/Cygwin, Solaris 11, FreeBSD 8.1, OpenBSD, OSX and QNX/Blackberry. Hydra works in 4 modes:

  • One username & one password
  • User-list & One password
  • One username & Password list
  • User-list & Password list

Install Hydra on Linux, from repositories

If you don’t mind about the version, or don’t need the features on the newest version. On Debian 9 you can install Hydra from the repositories.
sudo apt-get install hydra-gtk
This installs the command line version along with the front end GUI.

Pentesters use this tool to test/audit the password complexity of live services mostly where direct sniffing is not possible. We discuss the GUI of the tool in the following tutorial.

Target- Settings of various target options

Passwords – Specify password options & wordlists

Tuning – Specify how fast should hydra work. Other timing options are also available.

Specific – For testing on specific targets like a domain, https proxy, etc.

Start – Start/Stop & shows the output.

Breaking ssh with wordlist attack – Hydra

Step 1: First, open up your xHydra(in Kali Linux go applications-password attacks to find xhydra in kali) or open the terminal and type xhydra.

We try to break an ssh authentication on a remote has who has IP address 192.168.0.78. Here we do a wordlist attack by using a wordlist containing most common passwords to break into the root account.

Step 2: Set Target & protocol in the target tab.<here 192.168.0.78><use your target>

Step 3: Set the username as root & specify the location for a wordlist in passwords tab.

Note: Kali Linux comes with built-in wordlists. Search them using the command: locate *.lst in terminal.

command: locate *.lst

Other wide ranges of wordlist ranging up to 3GB or more are available on the internet. Just google for 5 minutes.

Step 4: Set no of tasks to 1 in tuning tab since this will reduce congestion & chance of detection. But takes longer to complete. This is also necessary to mitigate the account lockout duration.

Step 5: Start the thc-hydra from Start tab.

Step 6: Scroll Down & Wait until the password gets cracked

If you are facing any feel free to comment here, thanks.

Leave a Reply