Hydra (specifically THC-Hydra) is the legendary “online” password cracking tool. For your PenTest+ studies, it is crucial to understand the difference between Hydra and tools like Hashcat orJohn the Ripper.
While Hashcat and John crack hash values offline on your own hardware, Hydra cracks passwords online by actually sending login attempts to a live network service over and over again.
Why It’s a Staple Tool
As an IT professional, you are intimately familiar with management protocols like SSH, RDP, FTP, and Telnet. Hydra is designed to hammer those exact protocols.
-
Protocol Support: It supports over 50 protocols, including HTTP/HTTPS forms, SMB, databases (MySQL, Postgres), and standard remote access services.
-
Parallel Execution: It opens multiple connections at once, allowing you to test thousands of passwords per minute against a target.
-
Flexibility: You can provide it a single username and a massive list of passwords, a list of usernames and a single password (Password Spraying), or lists for both.
💻 Common Commands (#clitool)
When building a Hydra command, -l (lowercase) is for a single login name, while -L (uppercase) is for a list of names. The same applies to passwords (-p vs -P).
| Command | Description |
|---|---|
hydra -l admin -P rockyou.txt ssh://[Target_IP] | Basic Brute Force: Tests the user “admin” against an SSH server using the rockyou.txt password list. |
hydra -L users.txt -p Password123! rdp://[Target_IP] | Password Spraying: Tests a single, common password against a list of users on an RDP server. |
hydra -l admin -P passes.txt [Target_IP] http-get /admin | Web Auth: Brute-forces a basic HTTP authentication prompt on a web server. |
THC-Hydra
📝 Overview
What it is: A parallelized network logon cracker built to brute-force authentication services. Target Phase: attack / Enumeration Operating System: linux (Native to Kali/Parrot)
⚙️ Core Capabilities
- Online Cracking: Interacts directly with live services rather than cracking hashes locally.
- Massive Protocol Support: Works against SSH, FTP, HTTP, SMB, RDP, Telnet, and many more.
- Custom Routing: Can route attacks through proxies if you need to hide your origin IP.
⚠️ Notes for the Vault
- Account Lockouts: Because Hydra actively hits the target system, it is very “noisy” and will quickly trigger account lockout policies if you aren’t careful.
- Speed: Network latency and the target server’s response time dictate the speed. It will always be significantly slower than offline hash cracking.
🏷️ Tags
attack BruteForce OnlineCracking Hydra linux clitool PenTestPlus