In this recipe we will use the THC-Hydra (Hydra) password cracker. There are times in which we will have the time to physically attack a Windows-based computer and obtain the Security Accounts Manager (SAM) directly. However, there will also be times in which we are unable to do so and this is where an online password attack proves most beneficial.
Hydra supports many protocols, including (but not limited to) FTP, HTTP, HTTPS, MySQL, MS SQL, Oracle, Cisco, IMAP, VNC, and many more! Be careful though, as this type of attack can be a bit noisy, increasing your chance of getting detected.
The following requirements need to be fulfilled: