Sunday, October 30, 2011

How To Use Thc-Hydra

Credit goes to InsecureStuff
Here is the direct link to download the windows package of thc-hydra:

*Link Updated*

Some people had trouble finding the windows version and a hint is generally linux packages are in .tar.gz extension while windows packages are generally in .zip extesnsions.


  1. Hi, i'm using hydra as a proof of penetration attack in a school project but faced some problems. The problem now i'm facing is that, you stated in the post that if a correct pair of username and password is found, hydra will stop checking for the pair. However, even upon finding the correct pair( pre-defined, i already know the correct username and password), the application continues checking. How do i solve this?
    Example: Username = admin Password = password <-Correct one
    Username = admin Password = 12321321 <-Continue scanning.
    My cmd line: hydra -l admin -P pass.txt -o log.txt -V -f (ipaddr) http-post-form "/htmlpage".
    Another question is, the response that is defined after a bad login attempt is "You have specified an incorrect or inactive username, or an invalid password", do i enter this after password=^PASSWORD^:here?

  2. Hello there ..You should contact Insecure Stuff for this .
    But according to me , even on finding correct pair , hydra will not stop and find another correct pair.
    And i didn't get ur second question.

  3. i tried to download this but i got malware warnings, anyone else?