How to use hydra to perform dictionary attacks

So I have been playing around with some vulnerable VMs (from the awesome Some of them have had ftp and ssh services running on them. So I have tried to make dictionary attacks against them.

First we need some dictionaries with passwords. Here is a great collection of dictionaries/password-lists

This is the basic syntax. So first we add the list with usernames. Then the list of passwords. Then the ip. Then we specify the port (-s) then the service (in this case ssh). -V is for verbose mode.
The -s is only needed if the service is on another port than the default.

hydra -L userlist.txt -P best1050.txt -s 45061 ssh -V

The man page is really quite useful.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s