Course Content
Introduction
0/6
Course Overview
Introduction to Kali Linux
Kali Linux – Installation and Configuration
Kali Linux – Information Gathering Tools
Kali Linux – Vulnerability Analyses Tools
Kali Linux – Wireless Attacks
Information Gathering
0/14
Dmitry – Deepmagic Information Gathering Tool
IKE Scan- Kali Linux
lbd – Tool to Detect Whether a Domain has Load Balancing Enabled
Netcat Tutorial Beginner to Advanced
Unicornscan – Network Scanning Tool
Fierce – Domain Scanning & Enumeration
OpenVAS – Open Vulnerability Assessment System
Nikto
WPScan : Scan WordPress Site for Vulnerability
CMSMAP – A SIMPLE VULNERABILITY SCANNER
Kismet – Wireless Network Hacking, Sniffing & Monitoring
Wireshark: A Complete Tutorial
Network Hacking – Information Gathering
Get information from a Phone Number 2020
Exploitation Tools
0/2
Beef Framework tutorial in Kali Linux
SET — The Social Engineering Toolkit
Password Cracking
0/7
Fluxion – Cracking WiFi without word list in Kali Linux
Aircrack-ng – Crack WPA/WPA2 WiFi
John the Ripper : Password cracking
THC Hydra – Email Hacking Tool in Kali Linux
FindMyHash – Dehashing Method in Kali Linux
RainbowCrack – A Password Cracking Tool
Social Engineering Toolkit – Kali Linux
Vulnerability Analysis
0/1
NMAP from Beginner to Advanced [Updated 2020]
Kali Linux
About Lesson

THC Hydra is a free hacking tool licensed under AGPL v3.0, widely used by those who need to brute force crack remote authentication services.

As it supports up to more than 50 protocols, it’s one of the best tools for testing your password security levels in any type of server environment.

It also provides support for most popular operating systems like Windows, Linux, Free BSD, Solaris and OS X.

Main features:

  • Ultrafast password cracking speed
  • Runs on multiple operating systems
  • Ability to launch parallel brute force cracking attacks
  • Module-based application allows you to add custom modules
  • Support for multiple protocols such as CVS, FTP, HTTP, HTTPS, HTTP-Proxy, IMAP, IRC, LDAP, MS-SQL, MySQL, etc.

Passwords

Passwords are arguably the most common method for authentication (probably is). Of course we could just go ahead and exploit the system itself, but in my experience it’s easier to hack a specific account, which is protected by a password, that’s on server then compromising a whole entire system itself. There are many different methods to crack passwords,but the ones discussed here are : Dictionary, Bruteforce, and People (Social Engineering, Phishing, People’s stupidity, all of the above).

All, but the latter can be attempted with a software called THC-Hydra (Hydra).

Hydra

Hydra is a password cracking tool that’s only on Linux (Sorry Window users). The tool itself is pre-installed on Kali Linux and Parrot, but if for some reason it’s not installed simply type:

apt-get install hydra

Once hydra is installed type:

hydra

Upon enter the help page should show up. For now we’re only interested in the -l flag and the -P flag.

The syntax for hydra is a follows:

hydra (options) host (service)

A simple example is:

hydra -l root -P wordlist.txt 127.0.0.1 smtp

The flag -l is for the username. The -P flag can be either -p, for a single password or -P, for a file containing words to try. You have to specify the whole path for the -P flag. After the options is the host’s Ip and the service. The service is optional to specify, but can be useful during a cracking procedure. A more realistic example is:

hydra -l root -P /root/Desktop/wordlist.txt 127.0.0.1

What if we’re trying to crack a email account password? This is where things get more interesting. Every email service has a service known as a smtp service. The smtp service is where the email process actually is. A simple example is the smtp.gmail.com 30 server. The port that the smtp service is actually running on varies from smtp service to another, but for smtp.gmail.com 30 the smtp service runs on port 565. The interesting part is that Hydra has flags that can specify a port and also the service. A example is:

hydra -l example@gmail.com -P /root/Desktop/wordlist.txt -S 565 smtp.gmail.com smtp

The last flag of Hydra that I will introduce in this tutorial is the -x flag. Sometimes the user has a ridiculously long and complicated password that dictionaries attacks have no effect, but there’s one method that all passwords are vulnerable to, bruteforce attacks. In a bruteforce attack every combination is used to figure out the password. The speed depends on the cpu processor, but in the end the password will be cracked. In hydra the bruteforce option is invoked like this:

hydra -l example name -x Shortest length: longest length: combinations host

A example for gmail would look something like this:

hydra -l example@gmail.com -x 5:8:A1 -S 565 smtp.gmail.com smtp

These are only some of the capabilities of Hydra.

Hope this article helpful for you. Thank You

If You Appreciate What We Do Here On Hackonology, You Should Consider:

Hackonology is the fastest growing and most trusted community site where you can find lots of courses, articles about Technology/Hacking/Cracking. Millions of people visit Hackonology! to search or browse the thousands of published articles available FREELY to all.

Let's be a part of Hacker's Community! Join our Hacking Team

We Are Indian We Are Great

Previous
Next