Pages: [1]

Author Topic: How does Hydra work?  (Read 1554 times)

0 Members and 1 Guest are viewing this topic.

Offline hackorbehacked

  • NULL
  • Posts: 2
  • Cookies: 0
    • View Profile
How does Hydra work?
« on: March 06, 2015, 03:51:31 pm »
Hey guys. I'm running Ubuntu 14.10 on my pc and got myself XHydra from Ubuntu Software Center. Now my question is ''How does it work?'' (I know what bruteforcing is I'm talking about hydra in specific). I don't want to crack anyone's account (I'm over that) but it will be interesting to know how Hydra works. You could also tell me which type of account can be cracked easily that I create an account there to test with.
I would be really thankful if you could show me how it works properly. I already googled it but they write only crap there.
 :) . I'm sorry if this sounds too nooby but I have only good intentions  ;) . If you have some good ebooks on this theme then they are also welcome.
« Last Edit: March 06, 2015, 03:53:11 pm by hackorbehacked »
Report to moderator   Logged

Offline KryDos

  • Serf
  • *
  • Posts: 42
  • Cookies: 8
  • Software Engineer, Emacs uesr
    • View Profile
Re: How does Hydra work?
« Reply #1 on: March 06, 2015, 04:28:28 pm »
Actually you can check source code of Hydra, it's opensource.

But, using simple words, hydra is working through pattern mathing. As far as I remember, when I used Hyndra, I needed to enter "Success pattern" or something like this. This pattern is HTML on the "Login is success" page and if hyndra found this pattern, after login request was sent, then login credentials are found.
Report to moderator   Logged

Offline ZiLOG

  • /dev/null
  • *
  • Posts: 14
  • Cookies: 4
    • View Profile
Re: How does Hydra work?
« Reply #2 on: March 07, 2015, 03:58:56 am »
Hydra is an online brute force password attack tool that can be utilized against many services, including ftp, http/https, ssh, teamspeak, telnet and vnc. In a pentest you would use an online password attack as a last resort (if ever) because such attack is extremely noisy to intrusion detection systems.

You can practice hydra in a home lab easily against any Linux distro running service such as OpenSSH daemon, which you need to install (Google it).

Basic syntax for running Hydra against ssh would look something like this (case sensitive):

Code: [Select]
hydra –l<user name> –P <name of the file containing word list> <host name or IP of the target> <name of service>
An actual example:
Code: [Select]
hydra -l root -P dict.txt 192.168.1.2 ssh
dict.txt is your word (dictionary) file. Ultimately you would want to create your own, but there are many already premade wordlists, look for them. Example: http://www.openwall.com/passwords/wordlists/

Let me know if you run into any issues testing hydra or have additional questions.

Z
Report to moderator   Logged

Offline proxx

  • Avatarception
  • Global Moderator
  • Titan
  • *
  • Posts: 2803
  • Cookies: 256
  • ФФФ
    • View Profile
Re: How does Hydra work?
« Reply #3 on: March 07, 2015, 12:36:24 pm »
>Closed<

RTFM!  >:(
Report to moderator   Logged
Wtf where you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage
Pages: [1]