Hydra 2022 update version 9.4
Updated Dec 2022:
The latest version of Hydra as at the time of this article is Hydra 9.4 released in Sept 2022.
Hydra continues to be a recognised and widely used method for brute force attacks for password cracking. The tool supports many protocols, a few of which are SSH, SMTP, IMAP, MONGODB, CISCO AAA, VNC, RDP amongst many others.
From the command line the basic syntax structure for brute forcing logins with username and/or passwords is as follows:
$ hydra -l username -P wordlist protocol host this could look like this: $ hydra -l admin -P wordlist /user/share/wordlists/rockyou.txt 10.10.10.10 ssh or the same search using
://option $ hydra -l admin -P wordlist /user/share/wordlists/rockyou.txt ssh://10.10.10.10
Problems noted in post comparing hydra with ncrack and medusa have been addressed and after testing it can be confirmed these issues are no longer present.
CHANGELOG for 6.4
* Update SIP module to extract and use external IP addr return from server error to bypass NAT
* Update SIP module to use SASL lib
* Update email modules to check clear mode when TLS mode failed
* Update Oracle Listener module to work with Oracle DB 9.2
* Update LDAP module to support Windows 2008 active directory simple auth
* Fix to the connection adaptation engine which would loose planned attempts
* Fix make script for CentOS, reported by ya0wei
* Print error when a service limits connections and few pairs have to be tested
* Improved Mysql module to only init/close when needed
* Added patch from the FreeBSD maintainers
* Module usage help does not need a target to be specified anymore
* configure script now honors /etc/ld.so.conf.d/ directory