LabEx
Log InJoin Free

Use Hydra Verbose Mode

HydraBeginner
Practice Now

Introduction

In this lab, you will learn how to use Hydra's verbose mode to gain more insight into the password cracking process. The lab focuses on demonstrating different levels of verbosity when performing an FTP attack.

First, you'll run a basic FTP login attack against a dummy target (127.0.0.1) without verbose output, using username and password lists created in your ~/project directory (users.txt and passwords.txt). Then, you'll rerun the attack using the -v option to display more details about each attempt and finally, use the -V option to show each attempt in real-time. By comparing the output of these different verbose levels, you'll understand how to effectively use Hydra's verbosity options for better monitoring and troubleshooting.

Run FTP Attack Without Verbose

In this step, you will perform a basic FTP login attack using Hydra without verbose output. This means Hydra will attempt to crack the FTP password, but it will not display detailed information about each login attempt on the screen. This is useful when you want to run the attack in the background or avoid cluttering your terminal.

Before you begin, let's understand the basic syntax of Hydra:

hydra [options] [service://server[:port]] [OPT]
  • hydra: The command to execute the Hydra tool.
  • [options]: Various options to customize the attack, such as username lists, password lists, and connection settings.
  • [service://server[:port]]: Specifies the service to attack (e.g., ftp, ssh, http), the target server's address, and optionally the port number.
  • [OPT]: Additional options specific to the service being attacked.

Now, navigate to your ~/project directory, which is your default working directory in this lab environment:

cd ~/project

Next, you will create a simple username list and password list for your attack.

  1. Create a username list:

    Create a file named users.txt in your ~/project directory. This file will contain a list of usernames, with one username per line. Use the nano text editor to create and edit the file:

    nano users.txt

    Add the following usernames to the file:

    user1
user2
user3

    To save the file in nano:

    1. Press Ctrl + X to exit.
    2. Press Y to confirm saving.
    3. Press Enter to confirm the filename.

  2. Create a password list:

    Similarly, create a file named passwords.txt in your ~/project directory. This file will contain a list of passwords, with one password per line. Use nano to create and edit the file:

    nano passwords.txt

    Add the following passwords to the file:

    password123
password
123456

    Save the file and exit nano (Ctrl+X, Y, Enter).

  3. Run the FTP attack without verbose output:

    Now, you will run the Hydra attack against a target FTP server. For demonstration purposes, you will use a dummy target 127.0.0.1. Important: Do not attempt to attack systems without explicit permission.

    Execute the following command in your terminal:

    hydra -L users.txt -P passwords.txt ftp://127.0.0.1

    Let's break down this command:

    • -L users.txt: Specifies the username list file. Since you are in the ~/project directory, you can use the relative path users.txt.
    • -P passwords.txt: Specifies the password list file. Similarly, you can use the relative path passwords.txt.
    • ftp://127.0.0.1: Specifies the FTP service and the target server's address.

    Note: Since there is no FTP server running on 127.0.0.1, the attack will fail. However, this command demonstrates the basic syntax for running an FTP attack without verbose output. Hydra will attempt each username and password combination, but it will only display the results if a successful login is found. If no successful login is found, it will display a message indicating that no password was cracked.

    The output will look similar to this:

    Hydra v9.2 (c) 2021 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2025-05-30 09:45:40
[DATA] max 9 tasks per 1 server, overall 9 tasks, 9 login tries (l:3/p:3), ~1 try per task
[DATA] attacking ftp://127.0.0.1:21/
1 of 1 target completed, 0 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2025-05-30 09:45:52

    As you can see, without verbose mode, Hydra provides minimal output - just the basic information about the attack configuration, the target being attacked, and the final result. No individual login attempts are shown.

Rerun with -v for Details

In this step, you will rerun the FTP attack from the previous step, but this time you will use the -v option to enable verbose output. Verbose output provides more detailed information about each login attempt, which can be helpful for troubleshooting or understanding the attack's progress.

The -v option in Hydra stands for "verbose." When used, it increases the amount of information displayed on the screen during the attack. This includes details about each connection attempt, the username and password being tried, and any errors that occur.

You will continue to use the same username and password lists (users.txt and passwords.txt) that you created in the previous step. Ensure you are still in the ~/project directory.

  1. Rerun the FTP attack with verbose output:

    Execute the following command in your terminal:

    hydra -L users.txt -P passwords.txt -v ftp://127.0.0.1

    Let's break down this command:

    • -L users.txt: Specifies the username list file.
    • -P passwords.txt: Specifies the password list file.
    • -v: Enables verbose output. This is the new option you are adding.
    • ftp://127.0.0.1: Specifies the FTP service and the target server's address.

    Note: As in the previous step, since there is no FTP server running on 127.0.0.1, the attack will fail. However, this command demonstrates the use of the -v option.

    The output will now be more detailed than in the previous step. You will see information about each connection attempt, including the username and password being tried, and any errors that occur. The output will look similar to this:

    Hydra v9.2 (c) 2021 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2025-05-30 09:45:54
[DATA] max 9 tasks per 1 server, overall 9 tasks, 9 login tries (l:3/p:3), ~1 try per task
[DATA] attacking ftp://127.0.0.1:21/
[VERBOSE] Resolving addresses ... [VERBOSE] resolving done
Process 1216: Can not connect [unreachable], retrying (1 of 1 retries)
Process 1218: Can not connect [unreachable], retrying (1 of 1 retries)
Process 1217: Can not connect [unreachable], retrying (1 of 1 retries)
...
[ERROR] Child with pid 1220 terminating, can not connect
[ERROR] Child with pid 1224 terminating, can not connect
[ERROR] Child with pid 1219 terminating, can not connect
...
[VERBOSE] Disabled child 7 because of too many errors
[VERBOSE] Disabled child 8 because of too many errors
...
1 of 1 target completed, 0 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2025-05-30 09:46:07

    You can see that the verbose mode provides much more detailed information about the connection process, including:

    • DNS resolution details
    • Individual process connection attempts and retries
    • Specific error messages for each failed connection
    • Information about child processes being disabled due to errors

    This level of detail is particularly useful for troubleshooting connection issues and understanding why an attack might be failing.

Run with -V to Show Attempts

In this step, you will rerun the FTP attack again, but this time using the -V option. The -V option provides a different level of verbosity compared to -v. It focuses on displaying each login attempt in a concise format, making it easier to track the progress of the attack.

The -V option in Hydra is similar to -v but provides a more compact output. Instead of showing detailed connection information for each attempt, it simply displays the username and password being tried. This can be useful when you want to monitor the attack's progress without being overwhelmed by too much information.

You will continue using the same username and password lists (users.txt and passwords.txt) from the previous steps. Ensure you are still in the ~/project directory.

  1. Rerun the FTP attack with -V output:

    Execute the following command in your terminal:

    hydra -L users.txt -P passwords.txt -V ftp://127.0.0.1

    Let's break down this command:

    • -L users.txt: Specifies the username list file.
    • -P passwords.txt: Specifies the password list file.
    • -V: Enables attempt-focused output. This is the new option you are adding.
    • ftp://127.0.0.1: Specifies the FTP service and the target server's address.

    Note: As before, since there is no FTP server running on 127.0.0.1, the attack will fail. However, this command demonstrates the use of the -V option.

    The output will be more concise than with the -v option. You will see each login attempt displayed in a simple format, showing the username and password being tried. The output will look similar to this:

    Hydra v9.2 (c) 2021 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2025-05-30 09:46:09
[DATA] max 9 tasks per 1 server, overall 9 tasks, 9 login tries (l:3/p:3), ~1 try per task
[DATA] attacking ftp://127.0.0.1:21/
[ATTEMPT] target 127.0.0.1 - login "user1" - pass "password123" - 1 of 9 [child 0] (0/0)
[ATTEMPT] target 127.0.0.1 - login "user1" - pass "password" - 2 of 9 [child 1] (0/0)
[ATTEMPT] target 127.0.0.1 - login "user1" - pass "123456" - 3 of 9 [child 2] (0/0)
[ATTEMPT] target 127.0.0.1 - login "user2" - pass "password123" - 4 of 9 [child 3] (0/0)
[ATTEMPT] target 127.0.0.1 - login "user2" - pass "password" - 5 of 9 [child 4] (0/0)
[ATTEMPT] target 127.0.0.1 - login "user2" - pass "123456" - 6 of 9 [child 5] (0/0)
[ATTEMPT] target 127.0.0.1 - login "user3" - pass "password123" - 7 of 9 [child 6] (0/0)
[ATTEMPT] target 127.0.0.1 - login "user3" - pass "password" - 8 of 9 [child 7] (0/0)
[ATTEMPT] target 127.0.0.1 - login "user3" - pass "123456" - 9 of 9 [child 8] (0/0)
[REDO-ATTEMPT] target 127.0.0.1 - login "user1" - pass "password123" - 10 of 18 [child 0] (1/9)
...
1 of 1 target completed, 0 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2025-05-30 09:46:21

    This output shows each login attempt in a clear, structured format including:

    • The target IP address
    • The username and password being tried (in quotes)
    • The attempt number and total attempts
    • The child process ID handling the attempt
    • Retry attempts when connections fail (shown as REDO-ATTEMPT)

    This format provides excellent visibility into the attack progress without the verbose connection debugging information.

Compare Verbose Levels

In this step, you will compare the different verbose levels you used in the previous steps: no verbose output, -v (verbose), and -V (show attempts). Understanding the differences between these levels allows you to choose the most appropriate level of detail for your specific needs when using Hydra.

Let's summarize the characteristics of each verbose level:

  • No Verbose Output: This is the default behavior. Hydra will only display basic attack information, configuration details, and the final results. It provides the least amount of information and is suitable for running attacks in the background or when you only care about successful logins and overall results.

  • -v (Verbose): This option provides detailed technical information about the connection process, including DNS resolution, individual process connection attempts, retry mechanisms, and detailed error messages. It's particularly useful for troubleshooting connection problems and understanding why an attack might be failing at the network level.

  • -V (Show Attempts): This option displays each login attempt in a structured format, showing the specific username and password combinations being tried, attempt counters, and child process information. It provides excellent visibility into the attack progress without overwhelming technical details about network connections.

To further illustrate the differences, let's consider what you see when Hydra attempts to attack an FTP server:

  • No Verbose Output: You see only the basic configuration and final results:

    [DATA] max 9 tasks per 1 server, overall 9 tasks, 9 login tries (l:3/p:3), ~1 try per task
[DATA] attacking ftp://127.0.0.1:21/
1 of 1 target completed, 0 valid password found

  • -v (Verbose): You see detailed connection information and error handling:

    [VERBOSE] Resolving addresses ... [VERBOSE] resolving done
Process 1216: Can not connect [unreachable], retrying (1 of 1 retries)
[ERROR] Child with pid 1220 terminating, can not connect
[VERBOSE] Disabled child 7 because of too many errors

  • -V (Show Attempts): You see each specific login attempt with credentials:

    [ATTEMPT] target 127.0.0.1 - login "user1" - pass "password123" - 1 of 9 [child 0] (0/0)
[ATTEMPT] target 127.0.0.1 - login "user2" - pass "password" - 5 of 9 [child 4] (0/0)
[REDO-ATTEMPT] target 127.0.0.1 - login "user1" - pass "password123" - 10 of 18 [child 0] (1/9)

Choosing the Right Verbose Level:

The choice of verbose level depends on your specific needs and preferences.

  • If you want to run the attack in the background and only care about successful logins and basic results, use no verbose output.
  • If you need detailed technical information for troubleshooting connection issues, network problems, or understanding why an attack is failing at the protocol level, use the -v option.
  • If you want to monitor the specific username and password combinations being attempted and track the attack's progress through your wordlists, use the -V option.

In summary, by experimenting with different verbose levels, you can gain a better understanding of how Hydra works and choose the most appropriate level of detail for your specific needs. The -V option is particularly useful for monitoring attack progress, while -v is better for debugging connection issues.

Summary

In this lab, you explored Hydra's verbose modes by performing an FTP login attack. You began by running a basic attack against a dummy FTP server (127.0.0.1) without verbose output, using username and password lists created in the ~/project directory. This demonstrated the default behavior of Hydra, where detailed login attempt information is suppressed.

The lab then guided you through using the -v and -V options to increase the verbosity of Hydra's output, allowing you to observe more details about each login attempt. By comparing the output of the attack with different verbose levels, you gained a better understanding of how to use Hydra's verbosity options to monitor and troubleshoot attacks.

Related Hydra Courses
Hydra for Beginners

Hydra for Beginners

cybersecurityhydrakali
Hydra Cybersecurity Attack Labs

Hydra Cybersecurity Attack Labs

cybersecurityhydrakali