LabEx
Log InJoin For Free

Kali Password Attacks with Hydra

Kali LinuxKali LinuxBeginner
Practice Now

Introduction

In this lab, you will learn the basics of ethical hacking using Kali Linux to explore password attack techniques with Hydra, a powerful tool for brute-force attacks. The focus is on understanding how such attacks work and why strong passwords and secure system configurations are essential. You will simulate attacks on SSH credentials and web logins within a controlled LabEx VM environment, ensuring a safe and legal space for practice. Through step-by-step guidance, you will create wordlists, execute brute-force attacks, and log results for analysis. All tasks are performed in a Kali Linux container, which is automatically set up for you, making this lab accessible even for complete beginners.

Skills Graph

%%%%{init: {'theme':'neutral'}}%%%% flowchart RL kali(("Kali")) -.-> kali/KaliGroup(["Kali"]) kali/KaliGroup -.-> kali/file_ctrl("File Management") kali/KaliGroup -.-> kali/pkg_ops("Package Management") kali/KaliGroup -.-> kali/bash_code("Bash Scripting") kali/KaliGroup -.-> kali/vuln_scan("Vulnerability Scanning") kali/KaliGroup -.-> kali/log_ops("Log Analysis") kali/KaliGroup -.-> kali/ssh_conf("SSH Access") kali/KaliGroup -.-> kali/hydra_ops("Hydra Tool") subgraph Lab Skills kali/file_ctrl -.-> lab-552296{{"Kali Password Attacks with Hydra"}} kali/pkg_ops -.-> lab-552296{{"Kali Password Attacks with Hydra"}} kali/bash_code -.-> lab-552296{{"Kali Password Attacks with Hydra"}} kali/vuln_scan -.-> lab-552296{{"Kali Password Attacks with Hydra"}} kali/log_ops -.-> lab-552296{{"Kali Password Attacks with Hydra"}} kali/ssh_conf -.-> lab-552296{{"Kali Password Attacks with Hydra"}} kali/hydra_ops -.-> lab-552296{{"Kali Password Attacks with Hydra"}} end

Setting Up the Kali Linux Environment and Installing Hydra

In this first step, you will set up your working environment inside a Kali Linux container and install Hydra, the tool used for password attacks. This lab is designed for beginners, so every detail is explained to ensure you can follow along easily.

When you open the terminal in the LabEx VM, you will be automatically connected to the Kali Linux container's shell. There is no need to manually start the container or enter the shell; the environment is already configured for you. You will see a welcome message indicating that you are in the Kali Linux container shell. If you need to exit the container at any point, simply type exit or press Ctrl+D.

Let's confirm that you are in the correct environment by checking the current system information. Type the following command in the terminal and press Enter:

cat /etc/os-release

This command displays details about the operating system. You should see output confirming that you are running Kali Linux.

Expected Output (example, actual output may vary):

PRETTY_NAME="Kali GNU/Linux Rolling"
NAME="Kali GNU/Linux"
VERSION_ID="2023.4"
VERSION="2023.4 (Kali-rolling)"
...

Now, let's update the package list and install Hydra, which is not pre-installed in the container. Hydra is a fast and flexible tool for performing brute-force attacks on various protocols. Run the following commands to update the package list and install Hydra:

apt update
apt install -y hydra

These commands will download and install Hydra. The process may take a few moments, so be patient while it completes. The -y flag automatically confirms the installation without prompting for input.

After installation, verify that Hydra is installed by checking its version. Type the following command and press Enter:

hydra -h

This command displays the help information for Hydra, confirming it is ready for use.

Expected Output (example, actual output may vary):

Hydra v9.4 (c) 2022 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT] [-x MIN:MAX:CHARSET] [-c TIME] [-ISOuvVd46] [-m MODULE_OPT] [service://server[:PORT][OPT]]]
...

This output shows that Hydra is installed and provides a brief overview of its usage options. You are now ready to proceed with creating wordlists and performing simulated attacks in the next steps. All operations will be done within this Kali Linux container shell, so there is no need to navigate directories or change environments.

Creating a Wordlist for Brute-Force Attacks

Now that Hydra is installed in your Kali Linux container, the next step is to create a wordlist. A wordlist is a crucial component in brute-force attacks as it contains potential passwords or usernames that the tool will try against a target. This step is designed to be simple and beginner-friendly, with detailed guidance to ensure you can follow along.

For beginners, a wordlist is just a plain text file with one entry per line, such as common passwords or usernames. In real-world scenarios, attackers might use large wordlists with thousands of entries, but for this lab, we will create a small, manageable file to understand the concept.

You are already in the Kali Linux container shell, which is your working environment for all tasks. Let's create a wordlist file named passwords.txt using the nano editor, a simple command-line text editor. Type the following command and press Enter:

nano passwords.txt

This opens the nano editor. Now, type the following list of sample passwords into the editor. These are just for demonstration purposes:

admin
password
123456
test
root

After typing these entries, save the file by pressing Ctrl+O, then press Enter to confirm the filename, and finally press Ctrl+X to exit the editor. To verify that the file was created successfully, list the contents of your current directory with the following command:

ls

Expected Output (example, actual output may vary):

passwords.txt

You should see passwords.txt in the output, confirming that the file is ready. This wordlist will be used in the next steps to simulate brute-force attacks. By creating this file, you have taken the first practical step in preparing for password guessing techniques. Stay in the Kali Linux container shell for the upcoming tasks, as all operations will continue from here.

Simulating a Brute-Force Attack on SSH Credentials

With Hydra installed and a wordlist created, you are ready to simulate a brute-force attack on SSH credentials. This step introduces you to the concept of brute-forcing, which involves systematically trying different username and password combinations to gain access to a system. As a beginner, you will find this step explained in detail to ensure clarity and ease of execution.

SSH, or Secure Shell, is a protocol used to securely connect to remote systems. In a brute-force attack, tools like Hydra attempt to log in by testing multiple credentials from a wordlist. For ethical and safety reasons, we will not target a real system. Instead, we will use localhost (127.0.0.1) as a dummy target to demonstrate the command structure without risking unauthorized access.

You are still in the Kali Linux container shell, which is your working environment. Let's run a simulated brute-force attack on SSH using the passwords.txt wordlist you created. Type the following command and press Enter:

hydra -l root -P passwords.txt ssh://127.0.0.1

Let's break down this command for clarity:

  • -l root: Specifies the username to test, in this case, root, a common default username.
  • -P passwords.txt: Specifies the path to your wordlist file containing potential passwords.
  • ssh://127.0.0.1: Specifies the protocol (SSH) and the target, which is localhost (127.0.0.1), a safe dummy target for learning purposes.

Since there is no SSH server running on localhost with the credentials we are testing, Hydra will not succeed in logging in. This is expected and part of the learning process. Wait for the command to complete, which may take a few seconds.

Expected Output (example, actual output may vary):

Hydra v9.4 (c) 2022 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
...
[ERROR] could not connect to ssh://127.0.0.1:22 - Connection refused
...

This output indicates that Hydra attempted to connect but failed due to no SSH server being available on localhost. The purpose here is to understand how to structure and execute a brute-force command with Hydra, not to achieve a successful login. You have now practiced the basics of SSH brute-forcing in a safe environment. Continue working in the Kali Linux container shell as we move to the next step of attacking web logins.

Simulating a Brute-Force Attack on Web Logins

Building on the previous step where you simulated an SSH brute-force attack, this step focuses on using Hydra to target web login forms. This is another common attack vector in ethical hacking, and as a beginner, you will find the process explained thoroughly to ensure you can follow each action.

Web login forms are interfaces on websites where users enter credentials to access protected areas. A brute-force attack on such forms involves trying multiple username and password combinations, much like with SSH. For safety and ethical reasons, we will again use localhost (127.0.0.1) as a dummy target to demonstrate the command without targeting a real system.

You remain in the Kali Linux container shell, which is your working environment. Let's simulate a brute-force attack on a web login form using the same passwords.txt wordlist from the earlier step. Type the following command and press Enter:

hydra -l admin -P passwords.txt http-post-form://127.0.0.1/login:user=^USER^ &
pass=^PASS^:F=incorrect

Let's break down this command for better understanding:

  • -l admin: Specifies the username to test, in this case, admin, a common default username for web applications.
  • -P passwords.txt: Specifies the path to your wordlist file containing potential passwords.
  • http-post-form://127.0.0.1/login: Specifies the protocol (HTTP POST form) and the dummy target URL (127.0.0.1/login), which is safe for testing.
  • user=^USER^&pass=^PASS^: Defines the form fields for username and password, where ^USER^ and ^PASS^ are placeholders for values from the wordlist.
  • F=incorrect: Indicates the failure condition Hydra looks for to determine if a login attempt failed (a dummy condition for this simulation).

Since there is no web server running on localhost, Hydra will not succeed. This is expected and part of the learning process. Wait for the command to complete, which may take a few seconds.

Expected Output (example, actual output may vary):

Hydra v9.4 (c) 2022 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
...
[ERROR] could not connect to http-post-form://127.0.0.1/login - Connection refused
...

This output shows that Hydra attempted to connect but failed due to no web server being available on localhost. The goal is to learn the structure of the command for web login brute-forcing, not to achieve a successful login. You have now practiced another key aspect of ethical hacking in a controlled environment. Stay in the Kali Linux container shell for the next step, where we will create a larger wordlist.

Creating an Expanded Wordlist for Attacks

Having practiced brute-force attacks on SSH and web logins, this step focuses on enhancing your wordlist to simulate a more realistic attack scenario. A larger wordlist can increase the chances of success in a real brute-force attempt, and as a beginner, you will learn how to create and use such a list with clear, detailed instructions.

For clarity, a wordlist's effectiveness depends on its size and relevance to the target. In real scenarios, ethical hackers might use wordlists tailored to specific users or systems. For this lab, we will create a slightly larger wordlist to understand the impact of variety in password guessing.

You are still in the Kali Linux container shell, which is your working environment. Let's create a new wordlist file named extended_passwords.txt using the nano editor. Type the following command and press Enter:

nano extended_passwords.txt

This opens the nano editor. Now, type the following list of sample passwords into the editor. These are for demonstration purposes and include more varied entries:

admin123
password123
12345678
qwerty
letmein
welcome
secret
pass1234
userpass
test123

After typing these entries, save the file by pressing Ctrl+O, then press Enter to confirm the filename, and finally press Ctrl+X to exit the editor. To verify that the file was created successfully, list the contents of your current directory with the following command:

ls

Expected Output (example, actual output may vary):

extended_passwords.txt  passwords.txt

You should see both extended_passwords.txt and passwords.txt in the output, confirming that the new file is ready. Now, let's use this expanded wordlist in a simulated SSH brute-force attack to see the difference. Type the following command and press Enter:

hydra -l root -P extended_passwords.txt ssh://127.0.0.1

This command is similar to the one used in the earlier SSH attack step, but it uses the new extended_passwords.txt file. As before, since there is no SSH server on localhost, the attack will not succeed, which is expected.

Expected Output (example, actual output may vary):

Hydra v9.4 (c) 2022 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
...
[ERROR] could not connect to ssh://127.0.0.1:22 - Connection refused
...

This output confirms that Hydra attempted the attack with the new wordlist but failed due to the dummy target. The purpose is to practice using a more comprehensive wordlist, preparing you for scenarios where varied passwords might be tested. Continue working in the Kali Linux container shell for the final step, where we will log attack results.

Logging Brute-Force Attack Results

In this final step, you will learn how to log the results of a brute-force attack using Hydra. Logging is an essential practice in ethical hacking for documenting attempts and analyzing outcomes. This step is designed for beginners, with detailed instructions to ensure you can complete the task easily.

Logging refers to saving the output of a command or process to a file for later review. In the context of brute-force attacks, it helps track which credentials were tested and whether any were successful. Hydra provides an option to save results to a file, which we will use in this simulation.

You are still in the Kali Linux container shell, which is your working environment. Let's run a simulated SSH brute-force attack using the extended_passwords.txt wordlist and save the results to a file named attack_log.txt. Type the following command and press Enter:

hydra -l root -P extended_passwords.txt ssh://127.0.0.1 -o attack_log.txt

Let's break down the new part of this command:

  • -o attack_log.txt: Specifies the output file where Hydra will save the results of the attack.

As in previous steps, since there is no SSH server on localhost, the attack will not succeed. This is expected. Wait for the command to complete, which may take a few seconds.

Expected Output (example, actual output may vary):

Hydra v9.4 (c) 2022 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
...
[ERROR] could not connect to ssh://127.0.0.1:22 - Connection refused
...

The terminal output will show connection errors, but the key is that the results are saved to attack_log.txt. To view the contents of this log file, type the following command and press Enter:

cat attack_log.txt

Expected Output (example, actual output may vary):

## Hydra v9.4 run at [timestamp] on ssh://127.0.0.1
## No valid credentials found

This output in the file will likely indicate that no valid credentials were found, which is expected for our dummy target. The purpose of this step is to demonstrate how to document attack results, a critical skill for reviewing and reporting in ethical hacking. You have now completed all the practical steps in this lab within the Kali Linux container shell.

Summary

In this lab, you have learned the fundamentals of ethical hacking by exploring password attacks using Hydra within a Kali Linux container in the LabEx VM. You started by setting up the environment and installing Hydra, then created wordlists for brute-force attacks. Through step-by-step simulations, you practiced attacking SSH credentials and web logins using dummy targets for safety. Additionally, you expanded your wordlist to understand its impact and learned to log attack results for analysis. These skills provide a foundation for understanding the importance of strong passwords and secure configurations in cybersecurity.

Related Kali Linux Courses
Quick Start with Nmap

Quick Start with Nmap

CybersecurityNmap
Beginner
Quick Start with Wireshark

Quick Start with Wireshark

Cybersecurity
Beginner
Kali Server Exploitation in Action

Kali Server Exploitation in Action

CybersecurityPen Testing
Beginner