Some Special Flags
Example 1: Change The Number Of Threads
Type the below command on the terminal and hit Enter.
hydra -L user.txt -P pass.txt 192.168.29.229 ssh -t 5
Here we are changing the Thread Number to 5 and finding the correct username and password. The default thread of Hydra use is 16. We can change the value with the tag -t.
Example 2: Change The Port Number
Type the below command on the terminal and hit Enter.
hydra -s 22 -L user.txt -P pass.txt 192.168.29.229 ssh -t 5
Here we are adding the port number of the ssh server as 22 and we have also got the correct password ‘msfadmin’ and username ‘msfadmin’.
Example 3: Brute Forcing A List Of IPs
Type the below command on the terminal and hit Enter.
hydra -L user.txt -P pass.txt -M ip.txt ssh -t 4
Here, along with brute-forcing usernames and passwords, we are also a brute-forcing list of IP addresses that contain more than one target server address.
Example 4: Miscellaneous
Type the below command on the terminal and hit Enter.
hydra -l msfadmin -P pass.txt 192.168.29.229 -V -e nsr ssh
For Enable Verbose Mode in Hydra, We can use -V. But user/system admins leave some passwords that need to be accounted for beyond the scope of our wordlists which can be included with the -e flag. Here you can see a command ‘nsr‘ where ‘n’ stands for null,‘s‘ stands for same, ‘r’ tries the reversed username as a potential password
Example 5: -V (Verbose Mode)
Type the below command on the terminal and hit Enter.
hydra -s 22 -L user.txt -P pass.txt 192.168.29.229 ssh -V
The verbose mode in hydra is used for checking in-depth and getting the output results in a more detailed manner. So for this detailed output retrieval, the -V flag is used.
Example 6: -e nsr flag example
Type the below command on the terminal and hit Enter.
hydra -L user.txt -P pass.txt 192.168.29.229 -e nsr ssh
Sometimes user/system admins leave some passwords that need to be accounted for beyond the scope of our wordlists which can be included with the -e flag. Here you can see a command ‘nsr‘ where ‘n’ stands for null, ‘s‘ stands for same, and ‘r’ tries the reversed username as a potential password. We got the output msfadmin username and password is msfadmin.
Example 7: -s flag example
Note: Example of Changing port number command is the same for this example
Type the below command on the terminal and hit Enter.
hydra -s 22 -L user.txt -P pass.txt 192.168.29.229 ssh -t 5
With flag -s we specify the port number here is port number is 22 and we are using it and got the output is a username is msfadmin and password is msfadmin.
Example 8: -h flag (To know more usage of Hydra )
Type This Command And Hit Enter:
hydra -h
-h flag is used to display the help menu of the hydra tool for a better understanding of the tool.
Hydra can be a pretty powerful tool when you want to brute-force ssh connections and can be coupled with several other flags to customize your attack. However, this must not be exploited to poke around with stuff you are not meant to and the users alone are accountable for their actions.
How to use Hydra to Brute-Force SSH Connections?
Let’s explore using Hydra to brute-force SSH. One of the most popular tools in a hacker’s toolbox is Hydra. It is a great tool for brute force attacks, and you can use it both as a blue team to audit and test ssh passwords against popular password lists like rockyou.txt and crack station wordlists and as a red team to break into computers.
Contact Us