When you need to brute force crack a remote authentication service, Hydra is often the tool of choice. It can perform rapid dictionary attacks against more than 50 protocols, including telnet, ftp, http, https, smb, several databases, and much more. Like THC Amap this release is from the fine folks at THC. Other online crackers are Medusa and Ncrack. The Nmap Security Scanner also contains many online brute force password cracking modules.
For downloads and more information,
visit the THC Hydra homepage.
I am trying to brute force a Login.aspx page. It has two text fields - txt_Username and txt_Password The form submit however looks like this:
<input type="submit" name="btn_Login" value="Login" onclick="javascript:WebForm_DoPostBackWithOptions(new WebForm_PostBackOptions("btn_Login", "", true, "", "", false, false))" id="btn_Login" class="btn btn-success">
On wrong login, there is a popup which shows the message Wrong User Name or Password. I have a correct username and password for testing. I put that, along with few wrong passwords in mostcommon.txt file. I ran the below command:
.\hydra -V -l 10026 -P mostcommon.txt -o
found.txt xxx.yyy http-post-form “/Login.aspx:txt_Username=^USER^&txt_Password=^PASS^:Wrong"
However, I get all 5 passwords as valid. What am I doing wrong? Any help would be much appreciated.
If you want to use Hydra I would just recommend getting an iso of Kali linux just go to Kali.org and download the iso file and burn it i'm pretty sure people are gonna get mad at this comment this is just a suggestion.
Привет народ) Перебор по словарю? Серьёзно? А есть более ПРОДВИНУТЫЕ способы? Например через OS pentest (penetration testing) Ах да, с России есть кто? :-)
I notice that some people on this comment page are just asking to access an email account or a game account. keep in mind that THC Hydra brute forces using a dictionary attack, meaning that a file with a bank of common passphrases is run through by the program, to crack an authentication service. You can't just expect it to plug into an auth. service and instantly crack the password, unless you give it limitations (I'm assuming, because I use aircrack-ng with crunch), so it knows where to look. I recommend that you read the README file included. If you don't understand what it says, then... I don't know, man.
Hello Epic Hacker, i would like to catch back the gmail of our association, which has been blocked. There is the work of the association since 2007. So please could you help ? Thanks
Hello Epic Hacker, I would like to hack a game called Animal Jam, A player i wanna hack, there username is lolyogo101, i want to go on her account and ruin it.
I have used Cygwin to install Hydra 8 on my Windows 7 OS, however, when using the "./xhydra" command, I receive this error: "Gtk-WARNING **: cannot open display". Any advice?
Hi There :
I have try to hack my own gmail account so i try to put the right username and a list in passowrd include the right one i execute the command :
Hello Friends, I am looking for big big bank accounts. I heard this tool is good for hacking mad stacks so please inquire me as to send this money towards my funds and Thank You.
I have been using this for my internal ethical hacking tasks to brute force telnet access to Cisco network devices (routers, switches etc) with great success. It is very fast and stable tool. Have been using it on Kali Linux lately.
I have a problem, I was instaling hydra using a guide from google, i did everything but when i enter the place in cmd where I puted hydra files it says it cant finde path but i did everything.... my mail is mr.black056@gmail.com if anyone can help me install hydra, to explain me from skratch how to do it
I have used Cygwin to install Hydra 8 on my Windows 7 OS, however, when using the "./xhydra" command, I receive this error: "Gtk-WARNING **: cannot open display". Any advice?
I'm amazed of the many protocols supported, and its fast! a windows gui would be great though
Your comment
Along with your rating, you can use the comment form to post a review,
tutorial, tips and tricks, or anything else others will find useful.
If you develop this software (or work for the company), please don't rate it. You may leave a clarifying comment as long as you state your affiliation and don't specify a star rating (just leave it as “No rating”).
7
I cant believe the comments her lol sooooooo fucking stupid. Except you kamalakkannan. You are awsome.
THC website is DEAD 25443222223334444444444444r4rtsdtttt
THC Site link is dead. 23242526272829303132333435363738394041424344454647484950
hai sir i am a kamalakkannan from india not hack a gmail account how to hack a gmail account with out pass list
Heya, Anyone know how Hydra determines attack speed? Using my PC i can get anywhere between 75 -150 per minute. How many per minute will a Pi do?
I am trying to brute force a Login.aspx page. It has two text fields - txt_Username and txt_Password The form submit however looks like this:
<input type="submit" name="btn_Login" value="Login" onclick="javascript:WebForm_DoPostBackWithOptions(new WebForm_PostBackOptions("btn_Login", "", true, "", "", false, false))" id="btn_Login" class="btn btn-success"> On wrong login, there is a popup which shows the message Wrong User Name or Password. I have a correct username and password for testing. I put that, along with few wrong passwords in mostcommon.txt file. I ran the below command:
.\hydra -V -l 10026 -P mostcommon.txt -o found.txt xxx.yyy http-post-form “/Login.aspx:txt_Username=^USER^&txt_Password=^PASS^:Wrong" However, I get all 5 passwords as valid. What am I doing wrong? Any help would be much appreciated.
the amount of idiots on here who've just learned about XSS lol, i'm sure it'll work if you try hard enough!
WoW this commentsection page is actually not dead!?!? Well that is quite impressive actually :)
If you want to use Hydra I would just recommend getting an iso of Kali linux just go to Kali.org and download the iso file and burn it i'm pretty sure people are gonna get mad at this comment this is just a suggestion.
<img src = "ffadf.com" onerror = "alert(1)"></img> sup basdfasdfasdfasdfasdfasdfasdfasddd
<script>alert()</script>---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
A nu cheeki 🅱️reeki
сука блять
Привет народ) Перебор по словарю? Серьёзно? А есть более ПРОДВИНУТЫЕ способы? Например через OS pentest (penetration testing) Ах да, с России есть кто? :-)
I notice that some people on this comment page are just asking to access an email account or a game account. keep in mind that THC Hydra brute forces using a dictionary attack, meaning that a file with a bank of common passphrases is run through by the program, to crack an authentication service. You can't just expect it to plug into an auth. service and instantly crack the password, unless you give it limitations (I'm assuming, because I use aircrack-ng with crunch), so it knows where to look. I recommend that you read the README file included. If you don't understand what it says, then... I don't know, man.
HOW IAM USING THIS GIVE TO ME SOME MORE IMFORMATIONS PLEASE
good program good program good program good program
i need to get a password of a forgotten email address its of a friend av tried but cant managecan i get help
ssasassasassasassasassasassasassasassasassasassasassasassasassasassasassasassasassasassasassasassasassasassasassasassasassasassasassasassasassasassasassasassasassasassasassasassasassasa
great website never seen alike hope to see you all in forum bye now
How we can use big wordlist on Hydra Mine shows an error maximum allowed password 50000000 But mine is more than that
please i want to instal kali linux on my pc any link pls
and please i need a hacker who can hack account in usa
pls contact me01275380062
Hello Epic Hacker, i would like to catch back the gmail of our association, which has been blocked. There is the work of the association since 2007. So please could you help ? Thanks
Hello Epic Hacker, I would like to hack a game called Animal Jam, A player i wanna hack, there username is lolyogo101, i want to go on her account and ruin it.
please i want to instal kali linux on my pc any link pls
and please i need a hacker who can hack account in usa
pls contact me +2348138015692
I have used Cygwin to install Hydra 8 on my Windows 7 OS, however, when using the "./xhydra" command, I receive this error: "Gtk-WARNING **: cannot open display". Any advice?
I use THC-Hydra on my Raspberry Pi 3 with a copy of Kali Linux and its great easy and worth it!
try installing xhydra on you Linux from the software center its easier to use and works!
Hi There : I have try to hack my own gmail account so i try to put the right username and a list in passowrd include the right one i execute the command :
hydra smtp.gmail.com smtp -l (MY ACCOUNT@gmail.com) -P worldlists/passwords.lst -s 465 -v -V
when it's finish the account pass doesn't exist
PLEASE HELP ME
</p><script>alert('Hail Hydra') </script> <p>
"<script>alert('Hail Hydra') </script> <p> "test this concept out lol
hydra is dead? Why latest release 8.1 Dec. 8, 2014? =(!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Hello Friends, I am looking for big big bank accounts. I heard this tool is good for hacking mad stacks so please inquire me as to send this money towards my funds and Thank You.
HAIL HYDRA HAIL HYDRA HAIL HYDRA HAIL HYDRA HAIL HYDRA <script> alert('Hail Hydra') </script>
can anyone tell me how to install hydra 8.1. I am not finding any exe file. please help me
Would anyone be willing to crack a password for me? I have the IP already.
Find this to be almost always quicker than ncrack.
Please send me a direct link to the actual download not any ads or surveys.
Can you please make a website for this, that we can do off of a website
Suggest changing the link in the main article as Hydra has moved to a GitHub server. https://github.com/vanhauser-thc/thc-hydra Your welcome :)
Hey Dekota Coppler, your link to the site you gave has expired, there's no download there mate.
I used this to hack into Mr. Diamonds email
LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL
The download links not working. Plz provide another link, or email me the apk.
I have been using this for my internal ethical hacking tasks to brute force telnet access to Cisco network devices (routers, switches etc) with great success. It is very fast and stable tool. Have been using it on Kali Linux lately.
I have a problem, I was instaling hydra using a guide from google, i did everything but when i enter the place in cmd where I puted hydra files it says it cant finde path but i did everything.... my mail is mr.black056@gmail.com if anyone can help me install hydra, to explain me from skratch how to do it
For anyone interested in using hydra for your android phone I made it extremely simple..
Download the hydra standalone android app here
http://droid-hacks.com/uhydra.apk
Its hydra compiled under ARM with a unique c++ overcast I added..
Just open the app and you got hydra ready at yours finger tips..
Can I use this to recover my ICQ password which isn't on my computer.
I have used Cygwin to install Hydra 8 on my Windows 7 OS, however, when using the "./xhydra" command, I receive this error: "Gtk-WARNING **: cannot open display". Any advice?
Find this to be almost always quicker than ncrack.
I'm amazed of the many protocols supported, and its fast! a windows gui would be great though