Anecdota

Laughter is the Best Medicine

Crack Passwords – Hydra – Dictionary Attack


what is up youtubers I am back with
another video and today we’re going to go over hydra and we’re going to do some
brute force cracking because it can be very fruitful in your venture and pit
and testing a lot of times users very use very weak passwords and simple
brute-force attacks can gain access can allow you to gain access so without
further ado let’s just jump into it and get going all right
so hydra camera is a command-line tool but there’s also a GUI front-end i
generally prefer to use the it kind of depends on the situation a lot of the
times I end up using the GUI interface through sparta that’s because I just
already use sparta to do a lot of enumerated so it’s just handy if I’m
already in there to just fire it off but in some instances if I’m trying to do
specialized tax very focused attacks I’ll do it through command line and
often I will run multiple Hydra sessions for specific users that way I’m getting
more productivity out of it in a certain amount of time but anyways we’ll get
into that a future video that’s more advanced cracking but for basics let’s
just get started and type Hydra and we can see here are our command-line
options so feel free pause the video take a read have fun I’m going to go
ahead and just type in the command that I like to use so we’re going to start
off with Hydra we’re going to do – s where our port and we’re going to in
this video we’re going to be cracking SSH so that’s going to be port 22 we’re
going to do – lowercase V and I will show you the difference
between a lower base lowercase V in a uppercase v it basically is the amount
of verbosity you’ll get back let’s see alright
so dennis q is supposed to stop errors but seems like it doesn’t work for me
anyways so i’m going to – capital L because this is going to capital L means
you want to use a login or excuse me capital L means you want to use a file
full of logins if you were to use a lowercase L you would then type one
login name here so for example if you wanted to just try to crack the root
login you would do a lowercase L root let’s say you had a whole bunch of users
that you were trying to crack and you had them in a file like I do um actually
I’m in the wrong folder so let’s go alright let me get rid of this old file
okay so I had a password file and I basically just ripped out all the user
accounts and just created this file here that’s basically just each user account
on one line and then I’m going to feed this into Hydra and it’s going to try to
crack all of these accounts alright so let’s get back to where we were
port 22 low verbosity quiet airs a user file and that file name is password and
then we’re going to do a password file we’re going to do user share wordless
rock you mmm um then we’re gonna do e and then n means we’re going to try
our logins with no password s means we’re going to try the password we’re
going to try the login name as the password and then our means we’re going
to try the login reversed as the password attack T that is going to be
how many threads you spawn I’m in this instance I’m just going to launch 9
threads attack W 5 that’s basically going to be your timeout
so we want to wait 5 seconds and then you’re going to do your host IP in this
instance I just have SSH running on my local host here and then the protocol
SSH and that could be FTP any protocol that hydra supports all right so we’re
going to go ahead and hit enter this is going to take a little bit of time so
I’m going to speed up the video a little bit but I’m just going to let this run
with the lowercase V so you see what kind of output you get with that once
it’s finished then we’ll do it again with the uppercase v so you can see the
high verbosity alright so let’s get going you all right so now let’s do the same
command but this time with the capital V and let’s run it you and there we have it the very last
password cracked so as you can see by doing the capital V it shows you every
single login attempt and that can be very helpful if you’re trying to debug
or confirm that it’s actually doing what you think it should be doing because you
want to make sure it’s trying the passwords because if it’s not trying
them you could be messing out all right guys so that’s going to do it for this
video be sure to LIKE and subscribe and come back to watch more videos and I
will see you guys next time

79 thoughts on “Crack Passwords – Hydra – Dictionary Attack

  1. Suggestions: responder, bettercap, setoolkit, beef, burp suite… Or any other tools you find essential
    Great videos mate! Love to watch

  2. Hey, sorry, noob talking. I didn't quite understood wether you were brute-forcing a folder on your computer or a website protected by a password. Could you light me up here ?

  3. Am trying to brute force using hydra with cmd on windows, but I get 0 valid passwords. I even copied and pasted the codes here https://automatetheplanet.com/thc-hydra-password-cracking-by-examples/ went through the example exactly as instructed but still 0 valid password. Am using hydra 8. Pls help me.

  4. When I tried this onto a computer (mac) on my network it ended up saying permission denied. How do I get permission? Is it due to them having a firewall on their computer? Extra info: Im using terminal via Mac.

  5. Hi don't understand how shut i create that file with facebook user. Can u help with this ? What you using facebook link of profile or what type of file you create there ?

  6. Can you give a legitimate link to download THC Hydra? I'm using this for an assignment and will probably need further assistance but I'll try and activate it on my own.

  7. my instagram was hacked, and I can't get it back because I forgot my sign up email and I'm sure the hacker changed it. I need to hack into my account, and I want to delete the account permanently. Is there any way I can do this?

  8. i want just do a bruteforce attack on PC it sounds easy , i need to build a program for this cuz i cannot find a program already builded

  9. Ip address doesn’t work for me i did the same as you because I am also on a vm and I did if config and saw same ip as u

  10. Im a dumb idiot. Can someone please explain to me what passwords did he hack. Was it gmail passwords or fb or something else. And what can you hack with this method. Please explain

  11. Hey please please please could you help me bro??? my insta is @Uxooooo and my snap is Uxoooooo (6 o’s) my snap randomly logged me out and i want to know how to get back into it i’d really really appreciate if you can help im literally desperate

Leave a Reply

Your email address will not be published. Required fields are marked *