In this tutorial i will show you how to use THC hydra for performing a dictionary attack against a web form.For example username,password form.
THC hydra is a powerful program that you can find it at Backtack OS.With Hydra you can perform a dictionary attack against http form,smb,routers and more.
#Step 1) So to start the attack you have to find a good wordlist.Wordlist is a txt/lst file with many complex word inside.(A good wordlist contains numbers,characters,letters).You can download a wordlist from the web or you can make your own wordlist.(Recommended).So download crunch(Wordlist creator from here install it go to the installation folder (crunch-3.3)and run the following command
and then run:
./crunch 1 5 0123456789 > /root/Desktop/wordlist.txt
Your screen should look like this now
Open hydra (Backtrack > Privilege Escalation > Password Attack > Online Attacks > hydra )
#Step 3)Now go to the login page of the target/site > right click > View page source , to view the source code of the forms.
You will see something like this(but of course different and not exactly like the following):
<form name="input" action="kwd.php" method="post">
<input type="text" name="user">
<input type="password" name="pass">
Just write the action page,the method,the username name and the password name in to a txt file to remember them.
Now before we finish we have to make a try with random password and username to take an error.(Don't forget to write the error message in the txt file.)Like this:
|(In this case the error message/Wrong login is ACCESS DENIED).|
Now it's time to perform the attack.Once we know the Username name the paswword name the action page and the method we are ready!
Now go to the hydra window (have a look at step 2 again) and type the following command
hydra www.site.com http-form-post "/directory:user=^USER^&pass=^PASS^:ERROR MESSAGE" -L /root/Desktop/wordlist.txt -P /root/Desktop/wordlist.txt -t 10 -w 30 -o /root/Desktop/attack.txt
You have to change the "www.site.com" with the target's site, the /directory
with the login page directory e.g index/Login.php the user with the username name of the site(Step 3) ,the pass with the password name of the site(Step 3) and the ERROR MESSAGE with the error message that the target gives you.In this case "ACCESS DENIED" e.g "Wrong username or Password" .