Hydra: One of the most well-known bruteforce tools

Mariann Csorba

The Kali Linux is an open source code operational system which is based in Debian. In the system we can find several „penetration” applications, such as:

  • Aircrack-ng
  • Hydra
  • Nmap
  • Wireshark
  • Metasplot framework
  • Maltego
  • Owasp-Zap
  • SQLMap
  • John
  • Burpsuite
  • Johnny
  • Pyrit
  • SIPcrack
  • PWdump
  • Rainbowcrack
  • Maskgen
  • Hexinject
  • SSLSniff
  • Dsniff

In this article, I am going to tell you more about the Hydra’s operation and elaborate on how the BitNinja provides protection against it. Hydra works as a bruteforce program and it is one of the best password cracking tools in the world. It can be used with several protocols, like: HTTP, HTTPS, FTP, SMTP, SQL and CISCO.



In this article, I am going to perform password cracking on two servers, one of which is protected by BitNinja while the other one is not. First of all, for the attack we will need a good password list ( this is easy to obtain from the Internet ) After this we need to open Kali Linux and enter: Hydra. Now we are able to read a short description about its usage.

To attack an FTP account we need to use the following command:

hydra -l -P passwordlist ftp://

After some time we can see the results, in a „malicious” case the user-password pair.

Case #1



As the attacked server is not protected by Bitninja, it is defenseless against unsolicited attempts. But let’s see what happens if we are attacking a server which has a through protection:

Case #2




The attempt fails. On the admin.bitninja.io we can see the attacks coming from the attacker IP. In our example, we can see that someone tried to intrude into the account many times with a wring password. Firstly, the IP gets greylisted, then if the software experiences more incidents from the IP it will blacklist it. This way the hacker does not have a chance to crack the FTP gateway with bruteforce.

How did you like our article? Tweet your opinion, or share it with us on Facebook!

Share your ideas with us about this article

Previous posts

Our port Honeypot module is out of Beta
We are happy to announce that our developers officially released the port honeypot module. The port honeypot is a perfect way to fight against zero-day attacks and many of our customers are satisfied with it because the module catches and entraps hackers who attempt to break into or scan their servers making them aware of the incoming malicious traffic. The module sets up 100 honeypots chosen randomly from the 1000 most commonly used ports and is able to detect malicious port scanning conducted by hackers.For example, it gets installed on a port where usually there should not be in...
How to monitor your server load?
What is the average load in Linux? The load is a measure of the amount of computational work that a computer system performs. The Linux generates a metric of three average load numbers in the kernel which the user can easily query by running the uptime command. The three values of load average refer to the past one, five, and fifteen minutes of system operation. Each process using or waiting for CPU increments the load number by 1, however, Linux also includes processes in uninterruptible sleep states (waiting for I/O activity). For example, if you have an eight-core CPU, and the l...