Sponsored
Dictionary and Bruteforce

X-Hydra – A GUI Based Brute Forcing Tool

Hey Folks, in this tutorial we are going to discuss about another tool called “X-Hydra“. Basically it is a GUI version of the Hydra bruteforcing tool and if you want to know about its command line tool you can go here. Apart from this you can read the complete introduction of this tool by visiting our previous article.

Let’s take a look 🙂 !!

X-Hydra

As we told you this is the GUI version of the Hydra tool that we can boot using the following command.

xhydra

Basic Brute force Attack

In this attempt we will use dictionary for getting the correct login details. In the targets tab, we will fill single host, port and protocol details and move towards the password section.

Now here we have to give the location of both username and password dictionary files. You can make an powerful dictionary from here.

Just we go to the “start” tab and click on the start button. As you can see that after hitting the start button we got 2 valid credentials.

Bruteforce on Forward Port

Sometimes the administrator changes the port number to give additional protection to the running services. As you can see that now the FTP service is running on port 2121.

Now we need to change the port number instead of service.

Done 🙂 !! As you can see it worked and even it gave us valid credentials.

Verbose Mode

By enabling both of these features we can see deeper details of the ongoing brute force attack.

Nice 🙂 !! The results are in front of you and we can clearly see that which user and password combination it’s using to get the right credentials.

Guessing Passwords

Now we will use the specific user and try to find the correct credential using the password word list.

Great 🙂 !! It successfully finds the correct login details without using more combinations.

Combo

Now we will put both username and password in a file and separate them from each other using colon. We will then select the file location where we created the file.

Nice 🙂 !! Finally it has got a valid username and password.

Multiple Hosts

All you have to do is create a list of hosts and submit the location of that file on target list option.

Done 🙂 !! Likewise we can get better results by using all these features of this tool.

About the Author
Shubham Goyal Certified Ethical Hacker, information security analyst, penetration tester and researcher. Can be Contact on Linkedin.
Sponsored
Shubham Goyal

A keen learner and passionate IT student. He has done Web designing, CCNA, RedHat, Ethical hacking, Network & web penetration testing. Currently, he is completing his graduation and learning about Red teaming, CTF challenges & Blue teaming.

Recent Posts

Gau (GetAllUrls) – Find Known and Hidden URL

The gau (Get All URLs) tool is a versatile open-source utility that collects URLs from…

4 months ago

Jsluicepp – Burp Extension for JS Secrets – BugBountyTip

Jsluice++ is a Burp Suite extension designed for passive and active scanning of JavaScript traffic…

9 months ago

Bypassing Firewalls (WAF) with XSS Payloads

Hey Folks :) !! In this tutorial, we will describe some of the techniques commonly…

9 months ago

Termux Cheat Sheet for Hackers

Hey Folks :) !! In this article, we present the "Termux Cheat Sheet for Hackers"…

1 year ago

Cracking the X-Factor in Cybersecurity: How Humans are Protecting the Systems?

Amid the rapid advancement of technology, the significance of human involvement in cybersecurity frequently goes…

2 years ago

Cariddi – Hidden Endpoint Finder for Bug Hunting

Hey Folks, we are back today after such a long break, but don't worry we…

3 years ago
Sponsored

This website uses cookies.