Brute Forcing
Hydra
Extensible and flexible network based password guessing tool
hydra -u root -P passwords.txt ssh://m4lwhere.org # Single user with a list of passwords
hydra -U users.txt -p P@ssw0rd1 smb://files.m4lwhere.org # List of users with one password
hydra -u admin -p passw0rd -M windowsHosts.txt smb # One username and password across a list of Windows hosts on SMB
hydra -C creds.txt -M windowsHosts.txt smb # Used previously gathered creds in user:pass format across a list of Win hosts
Can trim wordlists using the pw-inspector
to reduce invalid passwords based on known password policies.
-i file
-o file
-m min password length
-M max password length
-c [criteria] min criteria for each password
-l [lowercase]
-u [uppercase]
-n [numbers]
-p [printable non l,u,n (!@#$%^&)]
-s [special chars, including non-printable]
Last updated
Was this helpful?