CyberSec Lab — Hydra Password Cracking

██╗ ██╗██╗ ██╗██████╗ ██████╗ █████╗ ██║ ██║╚██╗ ██╔╝██╔══██╗██╔══██╗██╔══██╗ ███████║ ╚████╔╝ ██║ ██║██████╔╝███████║ ██╔══██║ ╚██╔╝ ██║ ██║██╔══██╗██╔══██║ ██║ ██║ ██║ ██████╔╝██║ ██║██║ ██║

HYDRA

NETWORK LOGIN BRUTE-FORCE TRAINING ENVIRONMENT

MODULE 02 — PASSWORD CRACKING · SSH · FTP

Loading wordlists...

OBJECTIVES

Read the target brief

Run a basic Hydra SSH attack

Use -t flag to tune threads

Crack the SSH password

Verify login with SSH command

Crack the FTP service too

Submit the pentest report

💻

Terminal

📖

Reference

📝

Notepad

📋

Report

MISSION BRIEFING

BRUTE-FORCE CREDENTIAL ATTACK — APEX CORP

SCENARIO

You are a penetration tester who has been engaged by Apex Corp to assess the security of their development server. Intelligence gathered during recon suggests the server is running SSH and FTP with weak credentials. Your job is to use Hydra to brute-force both services and document the findings.

TARGET

Property	Value
IP Address	192.168.1.105
Hostname	devbox.apexcorp.local
OS	Ubuntu 22.04 LTS
Open Ports	22 (SSH), 21 (FTP)
Known Username	developer
Wordlist	/usr/share/wordlists/rockyou.txt

PHASES

Phase 1 — Understand the target
Phase 2 — Run Hydra against SSH
Phase 3 — Tune performance with flags
Phase 4 — Verify the cracked credentials
Phase 5 — Attack the FTP service
Phase 6 — Document findings

HINTS

The basic Hydra syntax is: hydra -l [user] -P [wordlist] [ip] [service]
Use -t 4 to set 4 parallel threads for SSH
Once you crack SSH, verify with: ssh [email protected]
FTP uses the same username but a different password
Type help in the terminal for all commands

Display Mode

TERMINAL — attacker@kali:~$

┌──(attacker㉿kali)-[~]

└─$ # Hydra Brute-Force Lab — Target: 192.168.1.105

└─$ # Type "help" for available commands

┌──(attacker㉿kali)-[~]└─$

REFERENCE — HYDRA BRUTE-FORCE

HYDRA SYNTAX

hydra -l <user> -P <wordlist> <target> <service>

hydra -l <user> -P <wordlist> -t <threads> <target> <service>

KEY FLAGS

Flag	Meaning
-l username	Single username to try
-L userlist	File with multiple usernames
-p password	Single password to try
-P wordlist	File with many passwords
-t 4	Number of parallel threads
-s port	Custom port (default: service default)
-v	Verbose — show all attempts
-V	Very verbose — show each attempt live
-o file	Write results to output file
-f	Stop after first found pair

SUPPORTED SERVICES

Service	Default Port
ssh	22
ftp	21
http-get	80
smb	445
rdp	3389
mysql	3306

EXAMPLE COMMANDS

Basic SSH attack

hydra -l developer -P /usr/share/wordlists/rockyou.txt 192.168.1.105 ssh

SSH with 4 threads (recommended)

hydra -l developer -P /usr/share/wordlists/rockyou.txt -t 4 192.168.1.105 ssh

FTP attack

hydra -l developer -P /usr/share/wordlists/rockyou.txt 192.168.1.105 ftp

Verify SSH login after cracking

ssh [email protected]

SSH RATE LIMITING

SSH servers often throttle connections. Use -t 4 (not higher) to avoid getting locked out. Hydra will warn you if the server is rate-limiting.

NOTEPAD — FINDINGS SCRATCHPAD

PENTEST REPORT — CREDENTIAL BRUTE-FORCE

CAPTURED FLAGS

Copy the flag lines exactly as they appeared in the Hydra terminal output and paste them below.

SSH FLAG — paste the cracked credential line from the terminal

FTP FLAG — paste the cracked credential line from the terminal

Score: 0 / 2