Simple Password Bruteforce Demonstration Using Hydra


Figure 0. Three numerical pins for a luggage lock.

Program Concept

Hydra Demonstration

Figure 1. Example of a very simple username dictionary. The first thing you need is a dictionary. It is just a collection of words in the form of a file. I put the correct username among those words.
Figure 2. Example of a very simple password dictionary. I decided to separate the username and password dictionaries, but you can put them in one file if you want. I put the correct password among those words.
Figure 3. Scanning the server with Nmap. The scanning phase comes before the exploitation phase; here it just shows that the telnet service is open on port 23.
Figure 4. Hydra GUI is available on BackTrack 5. The menu is in BackTrack > Privilege Escalation > Password Attacks > Online Attacks > hydra-gtk. If you don’t have Hydra, try getting one from your package manager or go to its GitHub.
Figure 5. Hydra command-line help. I prefer to use the command line. Type “hydra” or “hydra --help” to show the help text.

Beyond this point you proceed at your own risk if you target someone else’s server, because it will count as a hacking attempt. Get permission for penetration testing, or do this only on your own servers.

Figure 6. Hydra brute-force execution. Based on the help text in Figure 5, “-L” points to the username dictionary, “-P” points to the password dictionary, “-F” stops when successful, and “-V” is for verbose output, followed by the server’s IP address and the service. After trying the possible combinations, username “purnama” and password “testhack” are found as a matching pair.
Figure 7. Telnet to the server. Here I laughed because I just remembered that I was trying to brute force my own Windows desktop many years ago.
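
On the server side, the run in Figure 6 leaves a recognisable trace: one source failing logins across several usernames in quick succession, then a success. The following is an added example, not part of the original post, that flags that pattern in authentication records; the log format, the thresholds and the 192.0.2.x addresses are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: "timestamp source_ip username result" (format is an assumption).
SAMPLE_LOG = """\
2024-01-01T10:00:00 192.0.2.10 admin FAIL
2024-01-01T10:00:01 192.0.2.10 admin FAIL
2024-01-01T10:00:02 192.0.2.10 root FAIL
2024-01-01T10:00:03 192.0.2.10 root FAIL
2024-01-01T10:00:04 192.0.2.10 purnama FAIL
2024-01-01T10:00:05 192.0.2.10 purnama OK
2024-01-01T10:05:00 192.0.2.20 purnama FAIL
2024-01-01T10:05:30 192.0.2.20 purnama OK
"""

def detect_dictionary_attacks(log_text, window_s=60, min_failures=5, min_users=2):
    """Return {source_ip: {"failures", "users", "compromised"}} for flagged sources."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)  # source -> (time, user) of failures inside the window
    alerts = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed records
        ts, src, user, result = parts
        when = datetime.fromisoformat(ts)
        fails = recent[src]
        while fails and when - fails[0][0] > window:
            fails.popleft()  # expire failures older than the window
        if result == "FAIL":
            fails.append((when, user))
            users = {u for _, u in fails}
            # Many failures spread over several usernames: a username x password sweep.
            if len(fails) >= min_failures and len(users) >= min_users:
                alert = alerts.setdefault(
                    src, {"failures": 0, "users": set(), "compromised": None})
                alert["failures"] = max(alert["failures"], len(fails))
                alert["users"] |= users
        elif result == "OK" and src in alerts and fails:
            # A success right after a flagged burst: treat the account as compromised.
            if alerts[src]["compromised"] is None:
                alerts[src]["compromised"] = user
    return alerts

if __name__ == "__main__":
    for src, info in detect_dictionary_attacks(SAMPLE_LOG).items():
        print(src, info["failures"], sorted(info["users"]), info["compromised"])
```

The second source in the sample, a single mistyped password followed by a success, is not flagged, which is the distinction the username-spread threshold is there to make.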

Final Notes


This blog contains all my articles, licensed under Creative Commons Attribution customized ShareAlike (CC-BY-SA), where you can sell but mention the open one here.
