Hey Folks, in this tutorial we are going to discuss about another tool called “X-Hydra“. Basically it is a GUI version of the Hydra bruteforcing tool and if you want to know about its command line tool you can go here. Apart from this you can read the complete introduction of this tool by visiting our previous article.

Let’s take a look 🙂 !!

X-Hydra

As we told you this is the GUI version of the Hydra tool that we can boot using the following command.

Basic Brute force Attack

In this attempt we will use dictionary for getting the correct login details. In the targets tab, we will fill single host, port and protocol details and move towards the password section.

Now here we have to give the location of both username and password dictionary files. You can make an powerful dictionary from here.

Just we go to the “start” tab and click on the start button. As you can see that after hitting the start button we got 2 valid credentials.

Bruteforce on Forward Port

Sometimes the administrator changes the port number to give additional protection to the running services. As you can see that now the FTP service is running on port 2121.

Now we need to change the port number instead of service.

Done 🙂 !! As you can see it worked and even it gave us valid credentials.

Verbose Mode

By enabling both of these features we can see deeper details of the ongoing brute force attack.

Nice 🙂 !! The results are in front of you and we can clearly see that which user and password combination it’s using to get the right credentials.

Guessing Passwords

Now we will use the specific user and try to find the correct credential using the password word list.

Great 🙂 !! It successfully finds the correct login details without using more combinations.

Combo

Now we will put both username and password in a file and separate them from each other using colon. We will then select the file location where we created the file.

Nice 🙂 !! Finally it has got a valid username and password.

Multiple Hosts

All you have to do is create a list of hosts and submit the location of that file on target list option.

Done 🙂 !! Likewise we can get better results by using all these features of this tool.

About the Author
Shubham Goyal Certified Ethical Hacker, information security analyst, penetration tester and researcher. Can be Contact on Linkedin.

Leave a Reply

Your email address will not be published. Required fields are marked *