Brute-forcing passwords with THC-Hydra
THC-Hydra (or simply Hydra) is a network logon cracker, that is, an online cracker, which means that it can be used to find login passwords by brute-forcing network services. A brute force attack is one that tries to guess the correct password by attempting all the possible combinations of characters; this type of attack is guaranteed to find an answer, even if it takes ten million years to do it.
Although it is not feasible for a penetration tester to wait for more than a few days or maybe hours to get the login password for a website, sometimes testing a few username/password combinations against a large number of servers might be very productive.
In this recipe, we will use Hydra to break into a login page using a brute force attack against some known users.
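The two attack shapes described above (exhaustive guessing against one login, and a few combinations tried against many servers) leave different traces in authentication logs, and a per-account failure counter only catches the first. The following is an added example, not code from the original recipe; the event tuples, host names, IP addresses and thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events: (source_ip, target_host, username, success)
EVENTS = (
    # many guesses against a single account
    [("10.0.0.5", "web01", "admin", False)] * 40
    # one guess each against twelve different servers
    + [("10.0.0.9", f"web{n:02d}", "admin", False) for n in range(1, 13)]
    # a legitimate user who mistyped once, then logged in
    + [("10.0.0.7", "web01", "alice", False), ("10.0.0.7", "web01", "alice", True)]
)


def classify_sources(events, per_account_limit=20, host_limit=10):
    """Label each source IP by the shape of its failed logins.

    Both thresholds are assumptions for this example; tune them to a baseline.
    """
    fails_per_account = defaultdict(int)  # (src, host, user) -> failed attempts
    hosts_per_source = defaultdict(set)   # src -> hosts with at least one failure
    for src, host, user, success in events:
        if success:
            continue
        fails_per_account[(src, host, user)] += 1
        hosts_per_source[src].add(host)

    verdicts = {}
    for src, hosts in hosts_per_source.items():
        # Highest failure count this source reached against any single account
        worst = max(n for (s, _, _), n in fails_per_account.items() if s == src)
        if worst >= per_account_limit:
            verdicts[src] = "brute-force"       # deep: many guesses, one login
        elif len(hosts) >= host_limit:
            verdicts[src] = "wide-and-shallow"  # few guesses, many servers
        else:
            verdicts[src] = "normal"
    return verdicts


if __name__ == "__main__":
    for src, verdict in sorted(classify_sources(EVENTS).items()):
        print(src, verdict)
```

The second source never exceeds one failure per account, so account lockout would not trigger on it; only correlating failures across servers by source reveals it.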
Getting ready
We will need a list of user names. While browsing through our vulnerable_vm, we saw some names of valid users in many applications; let's create a text file (ours will be users.txt...