Hydra supports several common attack modes that allow users to perform different types of password-cracking attempts. Here are the primary modes:
Dictionary Attack:
- This is the most common mode where Hydra uses a list of potential passwords (dictionary) to attempt logins.
- Command example:
hydra -l username -P password_list.txt ssh://target_ip
Brute-Force Attack:
- In this mode, Hydra systematically tries all possible combinations of characters for the password.
- This can be time-consuming and is generally less efficient than dictionary attacks.
- Command example:
hydra -l username -x 6:8:a -s 1 ftp://target_ip - Here,
-x 6:8:aspecifies a password length between 6 and 8 characters, including lowercase letters.
Combination Attack:
- This mode combines usernames and passwords from two separate lists, trying every combination.
- Command example:
hydra -L usernames.txt -P passwords.txt http://target_ip
Reverse Brute-Force Attack:
- Instead of using a list of passwords, this mode uses a known password and tries it against multiple usernames.
- Command example:
hydra -l username_list.txt -p known_password ftp://target_ip
Get/Put Attack:
- Specific to FTP, this mode attempts to retrieve or upload files using various credentials.
- Command example:
hydra -L usernames.txt -P passwords.txt ftp://target_ip -g
Summary
These modes allow Hydra to be versatile in its approach to password cracking, making it a valuable tool for security testing. If you want to explore these modes further or need help with specific commands, feel free to ask!
