Online Password Cracking using Hydra
Online password attacks can be performed using Hydra. Hydra is an online password guessing tool that can be used to test usernames and passwords against running services. It can be used through either of two interfaces: a GUI (Graphical User Interface) or a CLI (Command Line Interface).
Deliverable 1:
Lab Set up
Virtualization using Oracle VirtualBox
Attacker’s System: Kali Linux
Target System: Metasploitable 2
In Kali Linux --> Terminal
To perform an online password attack against a particular port of the system with the help of wordlists of usernames and passwords, using the Hydra command line interface.
~# hydra -L [username_list.txt] -P [password_list.txt] [target_ip] [port_name]
Here, hydra --> online password cracking tool
-L --> login file
[username_list.txt] --> wordlist file of the potential usernames
-P --> password file
[password_list.txt] --> wordlist file of the potential passwords
[target_ip] --> IP address of the target system
[port_name] --> name of the service on the port to be attacked (e.g. ftp, http, etc.)
The above command will try to crack the password for a particular port on the target using the wordlists of potential usernames and passwords.
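Seen from the target's side, a run like the one above shows up as a burst of failed logins from one source address across many usernames. The following is an added example, not part of the original lab: it flags such bursts in authentication logs. The sshd log lines, the IP addresses, the threshold, the time window and the year are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd auth.log lines (assumed sample, not from the original page):
# one source walking a username list, and one user mistyping a password once.
SAMPLE_LOG = """\
Jan 10 10:00:01 target sshd[2101]: Failed password for invalid user Parag from 192.168.56.101 port 40112 ssh2
Jan 10 10:00:02 target sshd[2102]: Failed password for invalid user Abc from 192.168.56.101 port 40114 ssh2
Jan 10 10:00:03 target sshd[2103]: Failed password for msfadmin from 192.168.56.101 port 40116 ssh2
Jan 10 10:00:04 target sshd[2104]: Failed password for admin from 192.168.56.101 port 40118 ssh2
Jan 10 10:00:05 target sshd[2105]: Failed password for invalid user 12345 from 192.168.56.101 port 40120 ssh2
Jan 10 10:00:06 target sshd[2106]: Accepted password for msfadmin from 192.168.56.101 port 40122 ssh2
Jan 10 10:07:30 target sshd[2110]: Failed password for msfadmin from 192.168.56.20 port 51544 ssh2
Jan 10 10:07:41 target sshd[2111]: Accepted password for msfadmin from 192.168.56.20 port 51546 ssh2
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+")

def detect_guessing(log_text, threshold=5, window=timedelta(seconds=60), year=2024):
    """Return {ip: details} for sources with >= threshold failures inside window."""
    events = defaultdict(list)                 # ip -> [(time, result, user)]
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:                                  # syslog omits the year; assume one
            when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events[m["ip"]].append((when, m["result"], m["user"]))
    alerts = {}
    for ip, evs in events.items():
        evs.sort()
        fails = [(t, u) for t, r, u in evs if r == "Failed"]
        start = 0
        for end in range(len(fails)):          # sliding window over failures
            while fails[end][0] - fails[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts[ip] = {
                    "failures": len(fails),
                    "usernames": sorted({u for _, u in fails}),
                    # a login accepted after the burst means a guess worked
                    "compromised": sorted({u for t, r, u in evs
                                           if r == "Accepted" and t >= fails[end][0]}),
                }
                break
    return alerts

if __name__ == "__main__":
    print(detect_guessing(SAMPLE_LOG))
```

A non-empty "compromised" list is the case to escalate first: the account's password was on the wordlist and should be changed.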
Deliverable 2:
Lab Set up
Attacker’s System: Kali Linux
Target System: Metasploitable 2
To perform an online password attack against a particular port of the system with the help of wordlists of usernames and passwords, using the Hydra Graphical User Interface.
In Kali Linux System
--> Applications
--> Kali Linux
--> Password Attacks
--> Online Attacks
--> hydra-gtk
Now, under the ‘Target’ tab, provide the required information: the IP address of the single target, the port number and the protocol. Tick ☑ ‘Be Verbose’ and ‘Show Attempts’ to see the background process. Under the ‘Passwords’ tab, either a single username and password or the wordlist files of potential usernames and passwords can be provided. Then, under the ‘Start’ tab, click the Start button.
This will try to crack the password for a particular port on the target.
Note: The sample wordlists used for the above exercise can contain the following words. You can make your own too.
Sample wordlist for username:
Parag
Abc
msfadmin
admin
12345
Sample wordlist for password:
Tailor
Xyz
msfadmin
password
987456