LabEx
Log InJoin For Free

Use Hydra Verbose Mode

HydraHydraBeginner
Practice Now

Introduction

In this lab, you will learn how to use Hydra's verbose mode to gain more insight into the password cracking process. The lab focuses on demonstrating different levels of verbosity when performing an FTP attack.

First, you'll run a basic FTP login attack against a dummy target (127.0.0.1) without verbose output, using username and password lists created in your ~/project directory (users.txt and passwords.txt). Then, you'll rerun the attack using the -v option to display more details about each attempt and finally, use the -V option to show each attempt in real-time. By comparing the output of these different verbose levels, you'll understand how to effectively use Hydra's verbosity options for better monitoring and troubleshooting.

Skills Graph

%%%%{init: {'theme':'neutral'}}%%%% flowchart RL hydra(("Hydra")) -.-> hydra/HydraGroup(["Hydra"]) hydra/HydraGroup -.-> hydra/ftp_attack("FTP Brute Force") hydra/HydraGroup -.-> hydra/verbose_mode("Verbose Mode Usage") subgraph Lab Skills hydra/ftp_attack -.-> lab-550777{{"Use Hydra Verbose Mode"}} hydra/verbose_mode -.-> lab-550777{{"Use Hydra Verbose Mode"}} end

Run FTP Attack Without Verbose

In this step, we will use Hydra to perform a basic FTP login attack without verbose output. This means Hydra will attempt to crack the FTP password, but it won't display detailed information about each login attempt on the screen. This is useful when you want to run the attack in the background or avoid cluttering your terminal.

Before we begin, let's understand the basic syntax of Hydra:

hydra [options] [service://server[:port]] [OPT]
  • hydra: The command to execute the Hydra tool.
  • [options]: Various options to customize the attack, such as username lists, password lists, and connection settings.
  • [service://server[:port]]: Specifies the service to attack (e.g., ftp, ssh, http), the target server's address, and optionally the port number.
  • [OPT]: Additional options specific to the service being attacked.

Now, let's create a simple username list and password list for our attack.

  1. Create a username list:

    In your ~/project directory, create a file named users.txt containing a list of usernames, one username per line. For example:

    nano ~/project/users.txt

    Add the following usernames:

    user1
user2
user3

    Save the file and exit nano (Ctrl+X, Y, Enter).

  2. Create a password list:

    In your ~/project directory, create a file named passwords.txt containing a list of passwords, one password per line. For example:

    nano ~/project/passwords.txt

    Add the following passwords:

    password123
password
123456

    Save the file and exit nano (Ctrl+X, Y, Enter).

  3. Run the FTP attack without verbose output:

    Now, let's run the Hydra attack against a target FTP server. For demonstration purposes, we will use a dummy target 127.0.0.1. Important: Do not attempt to attack systems without explicit permission.

    Execute the following command:

    hydra -L ~/project/users.txt -P ~/project/passwords.txt ftp://127.0.0.1
    • -L ~/project/users.txt: Specifies the username list file.
    • -P ~/project/passwords.txt: Specifies the password list file.
    • ftp://127.0.0.1: Specifies the FTP service and the target server's address.

    Note: Since there is no FTP server running on 127.0.0.1, the attack will fail. However, this command demonstrates the basic syntax for running an FTP attack without verbose output. Hydra will attempt each username and password combination, but it will only display the results if a successful login is found. If no successful login is found, it will display a message indicating that no password was cracked.

    The output will look similar to this (though likely with "Login failed" messages since there's no actual FTP server):

    Hydra v9.5 (c) 2023 by van Hauser/THC - Use freely but carefully.
Hydra starting at 2023-10-27 10:00:00
[DATA] 1 task, 3 login attempts per task, 3 password attempts per task
[DATA] attacking ftp://127.0.0.1:21
[STATUS] 0.00 tries/min, 0 tries in 0 min, 1 task
[STATUS] 0.00 tries/min, 0 tries in 0 min, 1 task
...
[ATTEMPT] target 127.0.0.1 - login: user3 password: 123456
[STATUS] 0.00 tries/min, 0 tries in 0 min, 1 task
[ERROR] 127.0.0.1: FTP: Login failed
[ATTEMPT] target 127.0.0.1 - login: user1 password: password123
[STATUS] 0.00 tries/min, 0 tries in 0 min, 1 task
[ERROR] 127.0.0.1: FTP: Login failed
...
[ATTEMPT] target 127.0.0.1 - login: user3 password: password123
[STATUS] 0.00 tries/min, 0 tries in 0 min, 1 task
[ERROR] 127.0.0.1: FTP: Login failed
[ATTEMPT] target 127.0.0.1 - login: user2 password: password
[STATUS] 0.00 tries/min, 0 tries in 0 min, 1 task
[ERROR] 127.0.0.1: FTP: Login failed
...
[STATUS] 0 of 9 tasks completed, 1 task remaining
Hydra finished.

    If a successful login was found, the output would include a line like:

    [21][ftp] host: 127.0.0.1   login: user1   password: password123

    Since we are not running an actual FTP server, the attack will fail, and Hydra will report that no password was cracked. This is expected.

Rerun with -v for Details

In this step, we will rerun the FTP attack from the previous step, but this time we'll use the -v option to enable verbose output. Verbose output provides more detailed information about each login attempt, which can be helpful for troubleshooting or understanding the attack's progress.

The -v option in Hydra stands for "verbose." When used, it increases the amount of information displayed on the screen during the attack. This includes details about each connection attempt, the username and password being tried, and any errors that occur.

Let's use the same username and password lists (users.txt and passwords.txt) that we created in the previous step.

  1. Rerun the FTP attack with verbose output:

    Execute the following command:

    hydra -L ~/project/users.txt -P ~/project/passwords.txt -v ftp://127.0.0.1
    • -L ~/project/users.txt: Specifies the username list file.
    • -P ~/project/passwords.txt: Specifies the password list file.
    • -v: Enables verbose output.
    • ftp://127.0.0.1: Specifies the FTP service and the target server's address.

    Note: As in the previous step, since there is no FTP server running on 127.0.0.1, the attack will fail. However, this command demonstrates the use of the -v option.

    The output will now be more detailed than in the previous step. You will see information about each connection attempt, including the username and password being tried, and any errors that occur. The output will look similar to this:

    Hydra v9.5 (c) 2023 by van Hauser/THC - Use freely but carefully.
Hydra starting at 2023-10-27 10:05:00
[DATA] 1 task, 3 login attempts per task, 3 password attempts per task
[DATA] attacking ftp://127.0.0.1:21
[STATUS] 0.00 tries/min, 0 tries in 0 min, 1 task
[STATUS] 0.00 tries/min, 0 tries in 0 min, 1 task
[ATTEMPT] target 127.0.0.1 - login: user1 password: password123
[STATUS] 0.00 tries/min, 0 tries in 0 min, 1 task
[ERROR] 127.0.0.1: FTP: Login failed
[ATTEMPT] target 127.0.0.1 - login: user1 password: password
[STATUS] 0.00 tries/min, 0 tries in 0 min, 1 task
[ERROR] 127.0.0.1: FTP: Login failed
[ATTEMPT] target 127.0.0.1 - login: user1 password: 123456
[STATUS] 0.00 tries/min, 0 tries in 0 min, 1 task
[ERROR] 127.0.0.1: FTP: Login failed
[ATTEMPT] target 127.0.0.1 - login: user2 password: password123
[STATUS] 0.00 tries/min, 0 tries in 0 min, 1 task
[ERROR] 127.0.0.1: FTP: Login failed
[ATTEMPT] target 127.0.0.1 - login: user2 password: password
[STATUS] 0.00 tries/min, 0 tries in 0 min, 1 task
[ERROR] 127.0.0.1: FTP: Login failed
[ATTEMPT] target 127.0.0.1 - login: user2 password: 123456
[STATUS] 0.00 tries/min, 0 tries in 0 min, 1 task
[ERROR] 127.0.0.1: FTP: Login failed
[ATTEMPT] target 127.0.0.1 - login: user3 password: password123
[STATUS] 0.00 tries/min, 0 tries in 0 min, 1 task
[ERROR] 127.0.0.1: FTP: Login failed
[ATTEMPT] target 127.0.0.1 - login: user3 password: password
[STATUS] 0.00 tries/min, 0 tries in 0 min, 1 task
[ERROR] 127.0.0.1: FTP: Login failed
[ATTEMPT] target 127.0.0.1 - login: user3 password: 123456
[STATUS] 0.00 tries/min, 0 tries in 0 min, 1 task
[ERROR] 127.0.0.1: FTP: Login failed
[STATUS] 0 of 9 tasks completed, 1 task remaining
Hydra finished.

    You can see that each attempt is now displayed, showing the username and password being tried. This can be useful for monitoring the attack's progress and identifying any potential issues.

Run with -V to Show Attempts

In this step, we will rerun the FTP attack again, but this time using the -V option. The -V option provides a different level of verbosity compared to -v. It focuses on displaying each login attempt in a concise format, making it easier to track the progress of the attack.

The -V option in Hydra is similar to -v but provides a more compact output. Instead of showing detailed connection information for each attempt, it simply displays the username and password being tried. This can be useful when you want to monitor the attack's progress without being overwhelmed by too much information.

We will continue using the same username and password lists (users.txt and passwords.txt) from the previous steps.

  1. Rerun the FTP attack with -V output:

    Execute the following command:

    hydra -L ~/project/users.txt -P ~/project/passwords.txt -V ftp://127.0.0.1
    • -L ~/project/users.txt: Specifies the username list file.
    • -P ~/project/passwords.txt: Specifies the password list file.
    • -V: Enables attempt-focused output.
    • ftp://127.0.0.1: Specifies the FTP service and the target server's address.

    Note: As before, since there is no FTP server running on 127.0.0.1, the attack will fail. However, this command demonstrates the use of the -V option.

    The output will be more concise than with the -v option. You will see each login attempt displayed in a simple format, showing the username and password being tried. The output will look similar to this:

    Hydra v9.5 (c) 2023 by van Hauser/THC - Use freely but carefully.
Hydra starting at 2023-10-27 10:10:00
[DATA] 1 task, 3 login attempts per task, 3 password attempts per task
[DATA] attacking ftp://127.0.0.1:21
[ATTEMPT] target 127.0.0.1 - login: user1 password: password123
[ATTEMPT] target 127.0.0.1 - login: user1 password: password
[ATTEMPT] target 127.0.0.1 - login: user1 password: 123456
[ATTEMPT] target 127.0.0.1 - login: user2 password: password123
[ATTEMPT] target 127.0.0.1 - login: user2 password: password
[ATTEMPT] target 127.0.0.1 - login: user2 password: 123456
[ATTEMPT] target 127.0.0.1 - login: user3 password: password123
[ATTEMPT] target 127.0.0.1 - login: user3 password: password
[ATTEMPT] target 127.0.0.1 - login: user3 password: 123456
[STATUS] 0 of 9 tasks completed, 1 task remaining
Hydra finished.

    This output is less detailed than the -v output, but it still provides a clear overview of the attack's progress.

Compare Verbose Levels

In this step, we will compare the different verbose levels we used in the previous steps: no verbose output, -v (verbose), and -V (show attempts). Understanding the differences between these levels allows you to choose the most appropriate level of detail for your specific needs when using Hydra.

Let's summarize the characteristics of each verbose level:

  • No Verbose Output: This is the default behavior. Hydra will only display successful login attempts or error messages. It provides the least amount of information and is suitable for running attacks in the background or when you only care about successful logins.

  • -v (Verbose): This option provides detailed information about each connection attempt, including the username and password being tried, connection status, and any errors that occur. It's useful for troubleshooting connection problems, understanding the attack's progress, and identifying potential issues.

  • -V (Show Attempts): This option displays each login attempt in a concise format, showing only the username and password being tried. It provides a good balance between detail and clarity, allowing you to monitor the attack's progress without being overwhelmed by too much information.

To further illustrate the differences, let's consider a scenario where Hydra is attempting to crack the password for the username user1 on an FTP server.

  • No Verbose Output: If the login attempt fails, Hydra might display a generic error message like [ERROR] 127.0.0.1: FTP: Login failed. If the login attempt succeeds, it will display the successful login information.

  • -v (Verbose): If the login attempt fails, Hydra might display detailed information like:

    [ATTEMPT] target 127.0.0.1 - login: user1 password: password123
[STATUS] 0.00 tries/min, 0 tries in 0 min, 1 task
[ERROR] 127.0.0.1: FTP: Login failed

    This output shows the specific username and password being tried, the connection status, and the error message.

  • -V (Show Attempts): If the login attempt fails, Hydra will display:

    [ATTEMPT] target 127.0.0.1 - login: user1 password: password123

    This output simply shows the username and password being tried, without any additional connection details.

Choosing the Right Verbose Level:

The choice of verbose level depends on your specific needs and preferences.

  • If you want to run the attack in the background and only care about successful logins, use no verbose output.
  • If you need detailed information for troubleshooting or understanding the attack's progress, use the -v option.
  • If you want a concise overview of the attack's progress, use the -V option.

In summary, by experimenting with different verbose levels, you can gain a better understanding of how Hydra works and choose the most appropriate level of detail for your specific needs. This completes the lab on comparing verbose levels in Hydra.

Summary

In this lab, we explored Hydra's verbose modes by performing an FTP login attack. We began by running a basic attack against a dummy FTP server (127.0.0.1) without verbose output, using username and password lists created in the ~/project directory. This demonstrated the default behavior of Hydra, where detailed login attempt information is suppressed.

The lab then guided us through using the -v and -V options to increase the verbosity of Hydra's output, allowing us to observe more details about each login attempt. By comparing the output of the attack with different verbose levels, we gained a better understanding of how to use Hydra's verbosity options to monitor and troubleshoot attacks.