Brute Force
Hydra
Global Options
-l : user
-L : a list of users (file)
-p : password
-P : a list of passwords (file)
-t : number of tasks per target (default: 16)
-o : output file
-b : specify the format for the -o file (default: txt)
-f : exit when a login/password pair is found
-M : a list of hosts (file)
-I : ignore an existing restore file
-R : restore an aborted session. Requires a hydra.restore file. Options can be changed by setting them after -R
-S : connect via SSL
-u : try all users with one password before moving to the next password, instead of all passwords for each user
-c : the wait time in seconds per login attempt
Supported services:
adam6500 afp asterisk cisco cisco-enable cvs firebird ftp ftps http[s]-{head|get|post} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] mssql mysql(v4) mysql5 ncp nntp oracle oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres rdp radmin2 redis rexec rlogin rpcap rsh rtsp s7-300 sapr3 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak telnet[s] vmauthd vnc xmpp
SSH
hydra -l john -P list.txt target_ip ssh
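Seen from the target, the SSH run above is a burst of sshd "Failed password" lines from one source address. The block below is an added example, not part of the original page: it flags such bursts and separates single-account guessing (the default order) from the account rotation that -u produces. The log lines are constructed, and the classify name, thresholds and year parameter are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd auth-log lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
Mar 10 09:00:01 host sshd[101]: Failed password for john from 203.0.113.5 port 40001 ssh2
Mar 10 09:00:01 host sshd[102]: Failed password for john from 203.0.113.5 port 40002 ssh2
Mar 10 09:00:02 host sshd[103]: Failed password for john from 203.0.113.5 port 40003 ssh2
Mar 10 09:00:02 host sshd[104]: Failed password for john from 203.0.113.5 port 40004 ssh2
Mar 10 09:05:10 host sshd[201]: Failed password for root from 198.51.100.7 port 50001 ssh2
Mar 10 09:05:11 host sshd[202]: Failed password for invalid user admin from 198.51.100.7 port 50002 ssh2
Mar 10 09:05:12 host sshd[203]: Failed password for invalid user test from 198.51.100.7 port 50003 ssh2
Mar 10 09:05:13 host sshd[204]: Failed password for john from 198.51.100.7 port 50004 ssh2
Mar 10 09:30:00 host sshd[301]: Failed password for alice from 192.0.2.9 port 60001 ssh2
Mar 10 09:30:20 host sshd[302]: Accepted password for alice from 192.0.2.9 port 60002 ssh2
"""

FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def classify(log_text, window=timedelta(seconds=60), min_failures=4, min_users=3, year=2024):
    """Map each source IP with >= min_failures failed logins inside `window` to a label."""
    events = defaultdict(list)  # source ip -> [(timestamp, username)]
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            # Syslog timestamps carry no year; `year` is an assumed parameter.
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events[m.group(3)].append((ts, m.group(2)))
    verdicts = {}
    for ip, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window forward
            burst = hits[start:end + 1]
            if len(burst) >= min_failures:
                users = {user for _, user in burst}
                # One account hammered: password-list order (hydra default).
                # Many accounts rotated: users-first order (hydra -u), spray-like.
                verdicts[ip] = "multi-account" if len(users) >= min_users else "single-account"
                break
    return verdicts

if __name__ == "__main__":
    for ip, label in classify(SAMPLE_LOG).items():
        print(ip, label)
```

A per-account lockout counter alone misses the multi-account case, because each account sees only a few failures; counting per source address catches both.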
Web Form
hydra -L userlist.txt -P pwdlist.txt 192.168.10.10 http-get-form "/login:user=^USER^&password=^PASS^:Failed" -t 8 -o results.txt
FTP
hydra -l john -P list.txt target_ip ftp
MySQL
hydra -l john -P list.txt target_ip mysql
RDP
hydra -l john -P list.txt rdp://target_ip
Curl
Basic Auth
curl -v -X GET 'http://target.com/login?username=admin&password=password'
subEnum
./subenum.py -w subnames.txt -d hackthissite.com