Brute-forcing passwords with THC-Hydra

THC-Hydra (or simply Hydra) is a network logon cracker, that is, an online cracker, which means that it can be used to find login passwords by brute-forcing network services. A brute force attack is the one that tries to guess the correct password by attempting all the possible combinations of characters; these type of attacks are guaranteed to find an answer, even if they take ten million years to do it.

Although it is not feasible for a penetration tester to wait for more than a few days or maybe hours to get the login password for a website, sometimes testing a few username/password combinations in a large number of servers might be very productive.

In this recipe, we will use Hydra to break into a login ...

Get Kali Linux Web Penetration Testing Cookbook now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.