What is THC Hydra?
THC Hydra is a password-cracking tool that supports a wide range of network protocols like FTP, LDAP, most HTTP methods like GET and POST, databases like MySQL, and much more. These functions make it a handy tool for network penetration testing. When it comes to credential brute-force attacks, Hydra is one of the most widely used tools. This post will demonstrate the usage of Hydra and which commands need to be used to do this.
There are two tools included in the Hydra package -
- Hydra - The fast network log-on cracker
- Pw-inspector - Reads passwords in and prints those that meet requirements
Hydra can be used to brute-force the password of network routers and other services. With the help of suitable wordlists, Hydra can crack the passwords of a wide range of network routers and devices.
Steps to crack the password with THC Hydra
Cracking passwords is made much easier with such a large number of network appliances on the internet and across corporate networks being configured with default usernames and passwords or with weak credentials just for the sake of convenience. This is a bad practice, making Hydra very useful in finding such vulnerabilities during pentests. Hydra is used to crack FTP server passwords in this tutorial, but one can crack passwords of network routers and various network appliances using a similar process.
It’s worth noting here that having a good wordlist is a must for successfully brute-forcing the password. Often, default passwords change, so it’s a good idea to keep them updated from resources like the SecLists repository.
Tip: To get an overview of all the commands, options, and flags that can be used with this tool, use the man hydra command to read the man page of Hydra.
First, scan the ports of the target network using a port scanner like Masscan, which has better performance and is faster if the target infrastructure is large, or Nmap.
Launch the terminal for entering the commands.
For this tutorial, let’s use Nmap. Use the Nmap command - Nmap 192.168.1.1, replacing the given IP address with the target’s (FTP server) IP address.
After the Nmap scan is complete, note the open ports and services running on the host. In this case, the FTP service (port) is open.
Run the Hydra command to brute force the credentials of this FTP server - Hydra -l admin -P password.txt -v -f 192.168.1.1 FTP
Explanation of the above command:
- The -l flag is used for specifying the login user name. In this case, the username admin is used, one of the default usernames commonly used across servers and network appliances. However, if that’s not the case, use the -L flag in the command instead, and specify a wordlist consisting of commonly used usernames when the only option is to guess the username.
- Specify the password wordlist using the -P flag of the command.
- The -v flag is optional for verbose mode. This flag outputs the login attempts.
- Specify the IP address of the target being attacked, which in this case is the IP address - 192.168.1.1
- Finally, specify the service whose port is open. In this case, it’s the FTP service (other services are HTTP-get and so on)
- This process should take some time, as Hydra goes through the specified username and password combinations from the specified wordlists and tries to log in. If Hydra detects a successful login, it will output the discovered credentials to the terminal.
Note: Sometimes, there may be a rate limit on the target service to prevent brute-force attacks, leading to account lockouts; thus, the attack fails.
As mentioned earlier, Hydra supports various network appliances, services, and protocols, and hence, one can use it for cracking almost any type of password. This can be useful for both internal and external network penetration tests.
To read more free articles, sign up to Cybrary by clicking on the Sign-Up button in the top right. Sign up for the Network engineer course to learn more about network security in-depth and gain more skills.