Tuesday, July 14, 21:16
Home how To THC Hydra: How to use password cracker

THC Hydra: How to use password cracker

THC Hydra password cracker: If you are dealing with its space security, then you probably haven't heard of THC Hydra. It is one of the most well known and effective password crackers while offering its users the opportunity to discover how they can protect their passwords from relevant attacks.

It's fast, flexible, and easily configurable. Unlike other password crackers, it supports a wide range of protocols such as:

  • Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP,
  • Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec,
  • Rlogin, Rsh, RTSP, SAP / R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1 + v2 + v3, SOCKS5,
  • SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

How to install it

The first step to install Hydra password cracker, is to download the relevant project from GitHub and compile:

$ git clone https://github.com/vanhauser-thc/thc-hydra
$ cd thc-hydra /
$ ./configure
$ make
$ Make install

In Debian / Ubuntu versions to install the required libraries run the following command:

apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \ libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \ firebird-dev libncp-dev

Instructions and related details with Hydra for Windows you can find here. Download it all archive, unzip the folder and finally run hydra.exe.

THC Hydra password cracker

How to use it

To see all the available tool commands, type hydra in a terminal.

hydra [[[-l LOGIN | -L FILE] [-p PASS | -p FILE]] | [-C FILE]] [-e nsr] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-w TIME] [-f TIME] [-f] [-s PORT] [-x MIN: MAX: CHARSET] [-SuvV46] [service: // server [: PORT] [/ OPT]]

Examples of different commands you can run, depending on the attack protocol, can be found below:

Find a password for a specific username

As we have already mentioned, Hydra is a very powerful tool, capable of working together with different protocols. For example, if you want to crack the ftp password for a specific username, you can use dictionary attack. These attacks usually use a dictionary / dictionaries containing the passwords most frequently chosen by users, as well as a multitude of alphabet words. The -l parameter is used to declare a specific username and -p to declare the dictionary file:

hydra -l raj -P pass.txt ftp

Find a username for a specific password

In the opposite case, where you own it password and you want to check which username (for ftp service or some other) corresponds you can use the same dictionary attack technique:

hydra -L user.txt -p 123 ftp

Find a username and password

Combined, if you want to find a username and password (for ftp service or some other) you can run the following again with the technique dictionary attack. The -L parameter activates the dictionary mode for possible usernames and -P for possible passwords.

hydra -L user.txt -P pass.txt ftp

THC Hydra

Save result to disk

For maintenance and reading purposes, you can record the results of the Hydra commands in a file. For this reason, use the -th parameter and then the desired file title:

hydra -L user.txt -P pass.txt ftp -o result.txt

Continuing the attack

Many times an attack can be stopped or a block canceled, so using the -r parameter you can continue the attack by running the last failed command instead of starting at the beginning:

hydra -L user.txt -P pass.txt ftp
hydra -R

Attack on a specific door

Network admins often change the number of one service door to another. In the previous cases where we looked at ftp service, Hydra ran the attack on the 21 door, its default door ftp.

However, by using the -s parameter you can run the attack by selecting the number of the door you want to control, not the default service door:

hydra -L user.txt -P pass.txt ftp -s 2121

Attack on many hosts

To run dictionary attack on usernames and passwords for multiple hosts on network, select the -M parameter. This parameter allows you to set a list of multiple hosts to attack:

hydra -L user.txt -P pass.txt -M hosts.txt ftp

The -F parameter will allow you to end an attack on multiple targets only in the first match:

hydra -L user.txt -P pass.txt -M hosts.txt ftp -V -F

How did the Hydra password cracker look like? Will you try it?



Please enter your comment!
Please enter your name here

Here's the crazy ones, the misfits, the rebels, the troublemakers ...


Spotify: Finally reshaping its podcast charts

Spotify is reshaping its podcast charts to help listeners find new shows and watch local news ...

Find out if you have been hacked and what to do about it

Hacking attacks are a daily occurrence with many victims worldwide. Everyone is vulnerable to cyber hackers, but the threats do not ...

ISIS accounts continue Facebook propaganda

According to a new research, some accounts connected to the terrorist group ISIS, still exist on Facebook, without becoming ...

US and UK: Dealing with major cyber attacks

The United States, the United Kingdom, India and Germany have experienced many "significant" cyber attacks over the past 14 years, ...

Google Meet: New security settings for training meetings

New security features are coming into the Google Meet video chat app for education subscribers' teleconferencing.

Technology companies against the deportation of foreign students from the USA!

Technology giants such as Google, Microsoft and Facebook, as well as many other technology companies, have joined the US Chamber of Commerce, ...

Microsoft announces new features in ATP for Azure Storage!

Microsoft announced today that Advanced Threat Protection (ATP) for Azure Storage now enables customers to protect ...

The UK is on the alert for cyber attacks from China

The United Kingdom must be vigilant about possible cyber attacks by countries such as China, government ministers have said.

Linux 5.8-rc5: Will be released with terminology changes

On July 4, Dan Williams proposed changing the special terms of Linux, with new names ...

Belgium: Jackpotting attack on Argenta bank ATM

Argenta Bank, based in Antwerp, Belgium, has been the victim of a jackpotting attack. Is...