• Subscribe to the low volume list for updates.

Hydra Password Brute Force

THC Hydra examples for brute forcing passwords

Hydra continues to be a recognised and widely used method for brute force attacks for password cracking. The tool supports many protocols, a few of which are SSH, SMTP, IMAP, MONGODB, CISCO AAA, VNC, RDP amongst many others.

From the command line the basic syntax structure for brute forcing logins with username and/or passwords is as follows:

$ hydra -l username -P wordlist protocol host

this could look like this:

$ hydra -l admin -P wordlist /user/share/wordlists/rockyou.txt ssh

or the same search using :// option

$ hydra -l admin -P wordlist /user/share/wordlists/rockyou.txt ssh:// 

The latest version of Hydra as at the time of this article is Hydra 9.4 released in Sept 2022.