Hydra is a password cracking tool that is supported only on Linux systems. The tool comes as a pre-installed feature on Kali Linux and Parrot versions. The installation process is very simple it only requires the utilization of a command to get the installation. In case that hydra doesn’t show up as a pre-installed gadget is necessary to use the following command which assures the installation of hydra in our machine:

Installing Hydra:

The installation process of Hydra is quite simple, it can be performed with the following command, that will install all the necessary packets that will be required to use hydra.

apt-get install hydra

Hydra Options:

The syntax handled by the tool is simple it calls the name of the tool followed by options, host and the service where it’s going to be directed as is shown in the example below:

hydra (options) host (service)

The main functions of hydra  are mostly focused on the utilization of two flags:

  • – l: Which can be used for the representation of the users selected to look for
  • -P: Which represents the password list that is going to be used as a dictionary to perform the attack

These two flags call a specific file that is going to be used as a guide to direct the attacks, an example of the syntax can be seen on the sentence shown below:

hydra -l user1 -P wordlist.txt smb 

The declaration of the service can be avoided from the syntax but it may help the cracking process if we require the information seeking process on a specific file. It may also be useful to be specific on the folders that contain the file that we want to crack so it will ease the process.

Creating your own wordlist:

The generation of wordlist to serve as a dictionary for the attack can be accomplished using a program called crunch, which generates several combinations of letters and numbers depending on the options you use for its configuration. This process is essential for the attacking process because it will serve as the key to the attack, testing different wordlist will improve the capacity of the brute-force attack.

Crunch installation process:

The process of installation for crunch can be performed by typing the following command:

sudo apt-get install crunch

After the process is finished we can use crunch to generate our text file or insert the character into another program, an example of this can be visualized on the picture shown below:

After the process is finished we can look for the file into the folder we have selected:

Testing Hydra:

Now we have explained the different characteristics involving hydra, we are going to show a few examples of attacks over servers using hydra, The first is an attack over an FTP server, once we have created the wordlist and we possess the IP address assigned to the server. The attack can look like this:

As can be seen on the picture above, we managed to get the password for one of the users configured on the FTP server.  On the example below, we repeat the process over an SMB service with the same results.

hydra -l user1 -P wordlist.txt smb:// 

Other methodologies:

The next step is directed to the possibility to crack the password of an email account. Usually, the email services are referred to an SMPT service. The SMPT services are where the email services are handled. Using hydra we can specify the port where this service handles the email as is showed using hydra to direct the attack to the port 565 of smtp.gmail.com.server which will serve as an example for the following command:

hydra -l jdoe@gmail.com -P /root/Desktop/wordlist.txt -S 565 smtp.gmail.com smtp 

The last Hydra flag that is going to be presented is the (-x) flag. At times, a user can possess a ridiculously long and complicated password that direct attacks cannot crack, however, there’s one method that all passwords fall victim to, brute-force attacks. In a brute-force attack, every combination is used to determine the password. The CPU processor determines the speed, but in the long run, the password will be cracked. Here’s how the brute force option is invoked in hydra:

hydra -l John Doe -x Shortest length: longest length: combinations host

All, but the latter are executable by use of a software called THC-Hydra (Hydra).

Final Considerations:

Passwords are indeed the most commonly used mode of authentication. Of course, the attacks could be directed to exploit the system itself but as personal experience, it is much easier to hack a specific account that is password protected or is located on a server.

This can compromise the whole system itself. There is a wide range of methods that can be applied to crack passwords.  Another tool that can be used to fulfill this purpose is John the ripper which resembles the scope of Hydra but focused on the test the integrity of passwords. However, the ones discussed previously include Bruteforce, Dictionary, and direct attacks on the people (Phishing, Social Engineering and users lack of knowledge). All, but the latter are executable by use of a software called THC-Hydra (Hydra). Hydra can be merged with a tool called Nessus which is used for vulnerability scanning and often calls Hydra to complete the process. Below is an example video of hydra used to perform different attacks:


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.