Hydra Introduction:

What is Hydra?

Hydra is a brute force online password cracking program; a quick system login password ‘hacking’ tool.

Installing Hydra

If you’re using Kali Linux, hydra is pre-installed. Otherwise you can download it here:

  1. Read the above and have Hydra at the ready.

Using Hydra:

Deploy the machine attached to this task, then navigate to (this machine can take up to 3 minutes to boot)

Hydra Commands

The options we pass into Hydra depend on which service (protocol) we’re attacking. For example, if we wanted to bruteforce FTP with the username being user and a password list being passlist.txt, we’d use the following command:


hydra -l <username> -P <full path to pass> -t 4 ssh
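
From the defender's side, a run like the SSH command above appears in the sshd log as a burst of failed passwords for one account from one source. The following is an added example (not part of the original post) that flags such bursts with a sliding window; the log lines, addresses, and the default threshold of 5 failures in 60 seconds are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd log lines (not from the original page).
# The IP addresses are documentation ranges; "molly" is the account named in the task.
SAMPLE_LOG = """\
Mar 10 10:00:01 host sshd[1201]: Failed password for molly from 203.0.113.7 port 40001 ssh2
Mar 10 10:00:01 host sshd[1202]: Failed password for molly from 203.0.113.7 port 40002 ssh2
Mar 10 10:00:02 host sshd[1203]: Failed password for molly from 203.0.113.7 port 40003 ssh2
Mar 10 10:00:02 host sshd[1204]: Failed password for molly from 203.0.113.7 port 40004 ssh2
Mar 10 10:00:04 host sshd[1205]: Failed password for molly from 203.0.113.7 port 40005 ssh2
Mar 10 10:03:00 host sshd[1300]: Failed password for alice from 198.51.100.23 port 51000 ssh2
Mar 10 10:09:00 host sshd[1301]: Failed password for alice from 198.51.100.23 port 51001 ssh2
Mar 10 10:09:30 host sshd[1302]: Accepted password for alice from 198.51.100.23 port 51002 ssh2
"""

# Matches sshd "Failed password" lines, including the "invalid user" variant.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60), year=2024):
    """Return sorted (source_ip, user) pairs with >= threshold failures inside one window.

    Syslog timestamps carry no year, so `year` is an assumed value used only for parsing.
    """
    recent = defaultdict(deque)   # (ip, user) -> timestamps of recent failures
    flagged = set()
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        key = (m.group(3), m.group(2))
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(key)
    return sorted(flagged)

if __name__ == "__main__":
    for ip, user in detect_bruteforce(SAMPLE_LOG):
        print(f"possible brute force: {ip} -> {user}")
```

The two widely spaced failures for alice stay below the threshold, while the five failures for molly within three seconds are flagged.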

Post Web Form

We can use Hydra to bruteforce web forms too. You will have to make sure you know which type of request it’s making; GET or POST methods are normally used. You can use your browser’s network tab (in developer tools) to see the request types, or simply view the source code.

  1. Use Hydra to bruteforce molly’s web password. What is flag 1?





CTF-PLAYER, security analyst, Pentesting, vapt, digital forensics