thc-hydra is A very fast network logon cracker with a dictionary attack tool that supports many different services. You can use the thc-hydra tool for cracking the password. Many hackers love this tool due to its GUI and Cmdline interface.
If you are new to ethical hacking and don’t know how to use thc-hydra, still you can use it easily due to the GUI interface.
Dictionary attack tool thc-hydra Description:
According to the official website of thc-hydra, One of the biggest security holes is passwords, as every password security study shows. This tool is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system and different online services.
Note: THIS TOOL IS FOR LEGAL PURPOSES ONLY!
There are already several login hacker tools available, however, none does Either support more than one protocol to attack or support panellized Connects.
Protocols supported by thc-hydra
Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC, and XMPP.
How to use hydra in Kali Linux
Thc-hydra is available in Kali Linux already you don’t need to install or configure it. In Kali Linux hydra is available in two-mode Graphical and Command lines.
Graphical Interface of Hydra in Kali Linux:
The graphical interface is easy to use so let’s look at the graphical interface of hydra:
Step 1: Open hydra-gtk Go Application > Password attacks>Online Attacks > Hydra-Gtk
Step 2: Configure Hydra for Attack
Step 3: Set Target there are the following option is available:
- Single Target: Give the IP address of the Single target
- Target List: you can upload the file consist target list.
- Define Port: specify the port
- Protocol: Select protocol for attack
Step 4: Passwords In this tab you set the username and password and more…
- Username: Give the username if you know
- Username list: if you don’t know the username provide a file location consist multiple usernames
- Password: This option for a single password
- Password List: Here you provide the wordlist location
- Check on try login as password
- Check on Try empty password
- Check on Try reversed login
Step 5: Tuning:- Following options for this tab:
- Number Task: Repeat task
- Time out: configure timeout on not response
- Proxy: Set proxy if you are using it. Or leave by default No proxy
Specific: Leave the default
Start: Here you can start stop the attack and save the result
Command line Interface of Hydra in Kali Linux:
As in Linux command line have its own importance and value and most of the tools are available with a command-line interface for Linux, Hydra is one of them. to know more about the hydra just execute the following command
#Hydra –h
This command will show all options used with the hydra command.
You have many options on how to attack with logins and passwords
With -l for login and -p for the password, you tell hydra that this is the only
login and/or password to try.
With -L for logins and -P for passwords, you supply text files with entries.
e.g.:
hydra -l admin -p password ftp://localhost/
hydra -L default_logins.txt -p test ftp://localhost/
hydra -l admin -P common_passwords.txt ftp://localhost/
hydra -L logins.txt -P passwords.txt ftp://localhost/
Additionally, you can try passwords based on the log in via the “-e” option.
The “-e” option has three parameters:
s – try the login as a password
n – try an empty password
r – reverse the login and try it as a password
If you want to, e.g. try “try login as password and “empty password”, you
specify “-e sn” on the command line
Source: https://www.thc.org
https://github.com/vanhauser-thc/thc-hydra