Hey Folks, in this tutorial we are going to discuss about another tool called “X-Hydra“. Basically it is a GUI version of the Hydra bruteforcing tool and if you want to know about its command line tool you can go here. Apart from this you can read the complete introduction of this tool by visiting our previous article.
Let’s take a look 🙂 !!
As we told you this is the GUI version of the Hydra tool that we can boot using the following command.
xhydra
In this attempt we will use dictionary for getting the correct login details. In the targets tab, we will fill single host, port and protocol details and move towards the password section.
Now here we have to give the location of both username and password dictionary files. You can make an powerful dictionary from here.
Just we go to the “start” tab and click on the start button. As you can see that after hitting the start button we got 2 valid credentials.
Sometimes the administrator changes the port number to give additional protection to the running services. As you can see that now the FTP service is running on port 2121.
Now we need to change the port number instead of service.
Done 🙂 !! As you can see it worked and even it gave us valid credentials.
By enabling both of these features we can see deeper details of the ongoing brute force attack.
Nice 🙂 !! The results are in front of you and we can clearly see that which user and password combination it’s using to get the right credentials.
Now we will use the specific user and try to find the correct credential using the password word list.
Great 🙂 !! It successfully finds the correct login details without using more combinations.
Now we will put both username and password in a file and separate them from each other using colon. We will then select the file location where we created the file.
Nice 🙂 !! Finally it has got a valid username and password.
All you have to do is create a list of hosts and submit the location of that file on target list option.
Done 🙂 !! Likewise we can get better results by using all these features of this tool.
The gau (Get All URLs) tool is a versatile open-source utility that collects URLs from…
Jsluice++ is a Burp Suite extension designed for passive and active scanning of JavaScript traffic…
Hey Folks :) !! In this tutorial, we will describe some of the techniques commonly…
Hey Folks :) !! In this article, we present the "Termux Cheat Sheet for Hackers"…
Amid the rapid advancement of technology, the significance of human involvement in cybersecurity frequently goes…
Hey Folks, we are back today after such a long break, but don't worry we…
This website uses cookies.