LabEx
Log InJoin Free

Save Hydra Attack Results

HydraBeginner
Practice Now

Introduction

In this lab, you will learn how to save Hydra attack results. Hydra, a powerful password cracking tool, will be used to test the security of a simulated HTTP login form. You will begin by running a basic HTTP attack against a target web server, utilizing username and password lists.

This lab will then guide you through saving the attack results using the -o option and outputting them in JSON format with the -b option. Finally, you will compare the text and JSON outputs to understand the different ways Hydra can present its findings.

Set Up Target Service and User/Password Lists

In this step, you will set up a simulated HTTP login service and create the necessary username and password lists for Hydra to use. This will provide a controlled environment to practice saving Hydra's output.

First, navigate to your project directory:

cd ~/project

Next, you will create a simple Python script that simulates an HTTP login service. This script will listen on port 80 and respond to POST requests to /login.php. It will consider admin as the correct username and password as the correct password.

Create the login.py file using nano:

nano login.py

Paste the following Python code into the nano editor:

from http.server import BaseHTTPRequestHandler, HTTPServer
import urllib.parse
import os

class LoginHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        if self.path == '/login.php':
            content_length = int(self.headers['Content-Length'])
            post_data = self.rfile.read(content_length).decode('utf-8')
            parsed_data = urllib.parse.parse_qs(post_data)

            username = parsed_data.get('username', [''])[0]
            password = parsed_data.get('password', [''])[0]

            if username == 'admin' and password == 'password':
                self.send_response(200)
                self.send_header('Content-type', 'text/html')
                self.end_headers()
                self.wfile.write(b"Login successful!")
            else:
                self.send_response(401)
                self.send_header('Content-type', 'text/html')
                self.end_headers()
                self.wfile.write(b"Invalid username or password")
        else:
            self.send_response(404)
            self.send_header('Content-type', 'text/html')
            self.end_headers()
            self.wfile.write(b"Not found")

def run(server_class=HTTPServer, handler_class=LoginHandler, port=80):
    server_address = ('', port)
    httpd = server_class(server_address, handler_class)
    print(f"Starting httpd server on port {port}")
    httpd.serve_forever()

if __name__ == "__main__":
    run()

Save the file by pressing Ctrl+X, then Y, and then Enter.

Now, run the Python HTTP server in the background. This will simulate the target service for Hydra.

nohup python3 login.py > /dev/null 2>&1 &

The nohup command allows the process to continue running even after you close the terminal, and > /dev/null 2>&1 & redirects all output to /dev/null and runs the process in the background.

Next, you will create the username and password lists that Hydra will use for its attack.

Create a file named users.txt in the ~/project directory:

nano users.txt

Add the following usernames to the file:

admin
user
test

Save the file by pressing Ctrl+X, then Y, and then Enter.

Finally, create a file named passwords.txt in the ~/project directory:

nano passwords.txt

Add the following passwords to the file:

password
123456
test

Save the file by pressing Ctrl+X, then Y, and then Enter.

You have now successfully set up the target HTTP service and prepared the username and password lists.

Run Basic HTTP Attack

In this step, you will perform a basic HTTP attack using Hydra against the simulated login service you set up. This will demonstrate how Hydra attempts to crack credentials without saving the output to a file.

Hydra is a powerful tool for password cracking and can be used to test the security of various services, including HTTP. In this scenario, you will target a simple HTTP login form.

You will use the http-post-form module of Hydra, which is designed to attack web forms that use the HTTP POST method for submission. The target service is running on 127.0.0.1 on port 80, and the login form is located at /login.php.

Execute the following Hydra command in your terminal:

hydra -L ~/project/users.txt -P ~/project/passwords.txt 127.0.0.1 http-post-form "/login.php:username=^USER^&password=^PASS^:Invalid username or password"

Let's break down this command:

  • hydra: The command to invoke the Hydra tool.
  • -L ~/project/users.txt: Specifies the path to the username list file. Hydra will iterate through each username in this file.
  • -P ~/project/passwords.txt: Specifies the path to the password list file. Hydra will try each password from this file for every username.
  • 127.0.0.1: The target IP address of the simulated HTTP server.
  • http-post-form: This is the module Hydra uses to attack HTTP POST forms.
  • "/login.php:username=^USER^&password=^PASS^:Invalid username or password": This is the crucial part that defines how Hydra interacts with the form:
    • /login.php: The path to the login page on the target server.
    • username=^USER^&password=^PASS^: Defines the parameters sent in the POST request. ^USER^ and ^PASS^ are placeholders that Hydra replaces with values from your username and password lists.
    • Invalid username or password: This is the error message Hydra looks for in the server's response to determine if a login attempt was unsuccessful. If this string is not found, Hydra considers the login attempt successful.

After running the command, Hydra will display its progress and any successful login attempts directly in your terminal.

Example Output (if successful):

Hydra vX.X (c) XXXX by van Hauser/THC - Use freely but only for legal purposes.

Hydra is starting...

[DATA] X task, X servers, X login tries (l:X/p:X), ~X try per server
[DATA] attacking service http-post-form on port 80
[ATTACK] attacking 127.0.0.1:80/login.php
[80][http-post-form] host: 127.0.0.1   login: admin   password: password

This output indicates that Hydra successfully found the admin username and password password combination. If no successful login is found, Hydra will complete without displaying any successful login credentials.

Save Results with -o Option

In this step, you will learn how to save the results of a Hydra attack to a file using the -o option. This is useful for analyzing the results later or for reporting purposes, as it stores any cracked credentials in a persistent file.

The -o option allows you to specify an output file where Hydra will store the cracked credentials. If Hydra finds a valid username and password combination, it will be written to the specified file in a simple, human-readable format.

You will continue with the same scenario: the simulated web server running at 127.0.0.1 on port 80 with a login form at /login.php, and the users.txt and passwords.txt files you created earlier.

To save the results to a file named hydra.log in the ~/project directory, execute the following command:

hydra -L ~/project/users.txt -P ~/project/passwords.txt -o ~/project/hydra.log 127.0.0.1 http-post-form "/login.php:username=^USER^&password=^PASS^:Invalid username or password"

The only difference from the previous command is the addition of the -o ~/project/hydra.log option. This tells Hydra to save the results to the hydra.log file instead of just displaying them in the terminal.

After running the command, Hydra will attempt to log in using each username and password combination. If a successful login is found, the username and password will be written to the hydra.log file.

To view the contents of the hydra.log file, use the cat command:

cat ~/project/hydra.log

Example Output (if successful):

If Hydra finds the admin:password combination, the hydra.log file will contain a line similar to this:

127.0.0.1 http-post-form: admin:password

If no successful login is found, the hydra.log file will be empty.

It's important to note that the -o option will overwrite the output file if it already exists. If you wanted to append the results to an existing file, you would use the -O (uppercase O) option instead. However, for this lab, the -o option is sufficient.

Output as JSON with -b Option

In this step, you will explore how to output the results of a Hydra attack in JSON format using the -b option. JSON (JavaScript Object Notation) is a lightweight data-interchange format that is easy for humans to read and write, and easy for machines to parse and generate. This format is particularly useful when you need to process the results programmatically, for example, when integrating Hydra's output into other tools or scripts.

The -b option, when combined with the -o option, tells Hydra to save the output in the specified format to the file. The -b option requires a format parameter: text (default), json, or jsonv1.

You will continue with the same scenario: the simulated web server running at 127.0.0.1 on port 80 with a login form at /login.php, and the users.txt and passwords.txt files.

To save the results in JSON format to a file named hydra.json in the ~/project directory, execute the following command:

hydra -L ~/project/users.txt -P ~/project/passwords.txt -o ~/project/hydra.json -b json 127.0.0.1 http-post-form "/login.php:username=^USER^&password=^PASS^:Invalid username or password"

In this command, you've added the -b json option along with the -o ~/project/hydra.json option. This instructs Hydra to save the output in JSON format to the hydra.json file.

After running the command, Hydra will attempt to log in using each username and password combination. If a successful login is found, the username and password will be written to the hydra.json file in JSON format.

To view the contents of the hydra.json file, use the cat command:

cat ~/project/hydra.json

Example Output (if successful):

If Hydra finds the admin:password combination, the hydra.json file will contain a JSON object similar to this:

{
  "generator": {
    "software": "Hydra",
    "version": "v9.2",
    "built": "2025-05-30 08:10:07",
    "server": "127.0.0.1",
    "service": "http-post-form",
    "jsonoutputversion": "1.00",
    "commandline": "hydra -L users.txt -P passwords.txt -o hydra.json -b json 127.0.0.1 http-post-form /login.php:username=^USER^&password=^PASS^:Invalid username or password"
  },
  "results": [
    {
      "port": 80,
      "service": "http-post-form",
      "host": "127.0.0.1",
      "login": "admin",
      "password": "password"
    }
  ],
  "success": true,
  "errormessages": [],
  "quantityfound": 1
}

If no successful login is found, the hydra.json file will contain an empty JSON array:

[]

This JSON format allows you to easily parse the results using scripting languages like Python or JavaScript for further analysis or automation.

Summary

In this lab, you learned how to perform a basic HTTP attack using Hydra, a powerful password cracking tool. You set up a simulated HTTP login service and created username and password lists. You then used Hydra to attempt to crack the simulated HTTP login form at 127.0.0.1.

You explored how to save Hydra's output to a file using the -o option, creating a human-readable hydra.log file. Furthermore, you learned to output results in JSON format using the -b option, generating a machine-readable hydra.json file. This lab demonstrated the flexibility of Hydra in presenting its findings, allowing for both quick review and programmatic processing of attack results.

Related Hydra Courses
Hydra for Beginners

Hydra for Beginners

cybersecurityhydrakali
Hydra Cybersecurity Attack Labs

Hydra Cybersecurity Attack Labs

cybersecurityhydrakali