Simple Password Bruteforce Demonstration Using Hydra

Background

Have you ever forgotten your pin for your baggage then search on Youtube? Generally they advice “set everything to 000, try to click the lock, turn to 001, try to click the lock again, keep doing this until 009, then try 010, try to click the lock, turn to 011, try to click the lock again, keep doing this until 019, then try 020, repeat and eventually you will open the lock”. Wait a minute isn’t the same as trying every combination from 000–999? That is just brute force! What a spin around just to get views!

Figure 0. three numerical pins for luggage lock.

Story aside, in this article I will introduce you to a simple demonstration of brute forcing a password using Hydra on Linux. This is no advance tutorial but only to give people who never heard of brute force illustration. I can define password brute forcing in just one sentence which is trying every single character combination to crack a password.

Program Concept

As a human is a heavy labor, which is why we create programs to do them for us. The application or programming concept is actually simple.

1. Generate a dictionary of possible combinations.
2. Inject those combinations in account login interfaces.