mirror of
https://github.com/autistic-symposium/sec-pentesting-toolkit.git
synced 2025-04-27 19:16:08 -04:00
20 lines
425 B
Markdown
20 lines
425 B
Markdown
# Password
|
|
|
|
## Brute-force password cracking with Hydra
|
|
|
|
1. Download [Hydra](https://www.thc.org/thc-hydra/) and install it:
|
|
|
|
```bash
|
|
$ ./configure
|
|
$ make
|
|
$ make install
|
|
```
|
|
|
|
2. Check with Burp what's the auth type (e.g. use FoxyProxy to proxy to localhost:8080 so burp can intercept it).
|
|
|
|
2. Run hydra with wordlists (and username lists). Example:
|
|
|
|
```bash
|
|
$ hydra -l <username> -P <password-list> -V <server> <service>
|
|
```
|