How to HACK Website Login Pages | Brute Forcing with Hydra

1,247,992

25,364 0

Published 2022-09-20

MY FULL CCNA COURSE
📹 CCNA - certbros.teachable.com/p/cisco-ccna?utm_source=you…

FREE CCNA FLASHCARDS
🃏 CCNA Flashcards - certbros.com/ccna/flashcards

HOW TO PASS THE CCNA
📚 Get a great book - amzn.to/3f16QA5
📹 Take a video course - certbros.teachable.com/p/cisco-ccna?utm_source=you…
✔ Use practice exams - www.certbros.com/ccna/Exsim

SOCIAL
🐦 Twitter - twitter.com/certbros
📸 Instagram - www.instagram.com/certbros
👔 LinkedIn - www.linkedin.com/company/certbros
💬 Discord - www.certbros.com/discord

Disclaimer: These are affiliate links. If you purchase using these links, I'll receive a small commission at no extra charge to you.
---------------------------------------------------------------------------------------------------------------

HackTheBox Academy

Learn to hack with HackTheBox Academy ▶ www.certbros.com/HTBAcademy
Start the Bug Bount Hunter Training ▶ www.certbros.com/HTB_CBBH
Put your skills to the test with HackTheBox ▶ www.certbros.com/HackTheBox

00:00 Why target login pages?
00:23 Types of attack
02:19 Setup with Hack the Box
03:46 Command format
05:31 Dictionary attack
16:48 How to protect ourselves
17:28 Outro

Most websites have login pages and in this video, I’m going to show you how to hack them!

So why target login pages? Well, behind every login page is access to confidential information or even administrator-level access.

This is gold dust for hackers! So as penetration testers or bug bounty hunters, it's extremely valuable for us as well.

So how do we actually go about hacking a login page?

There are two main types of attacks we can use here. Brute forcing and dictionary attacks.

A brute force attack is where you try every possible password that exists. For example, we might start with A, then AA, then AAA, then AAB, and so on and so on until the correct password is found.

In theory, this will eventually find the correct password, no matter what it is. However, the time it takes can vary greatly.

For example, finding a 5-character password with only lowercase letters could take seconds. A 16-character password with numbers, uppercase and special characters, however, could take millions of years!

This is why we use the second type of attack called a dictionary attack. A dictionary attack is actually a type of brute force.

But instead of trying every possible combination of letters, numbers and symbols, we use a prebuilt list of possible passwords.

Us humans are not as smart as we like to think! We tend to use passwords that are easy to type, easy to remember and even reuse that same password over and over again.

So we can use lists of passwords containing words, phrases and known passwords from past data breaches and there is a good chance we will find a match.

Lucky we don’t need to type these passwords ourselves. There are plenty of tools we can use to do this for us. Probably the most popular one is called Hydra.

Hydra is a free tool used to hack logins, and it's what we are going to us

All Comments (21)

@Certbros 1 year ago

Learn to hack with HackTheBox Academy ▶ www.certbros.com/HTBAcademy Start the Bug Bount Hunter Training ▶ www.certbros.com/HTB_CBBH Put your skills to the test with HackTheBox ▶ www.certbros.com/HackTheBox
@ByronCorpus-rd6uc 1 month ago

The other positive for Metaspyclub is it's the only coin in crypto with legal clarity. Can't be understated how important that is for institutional investments
@feliciaware7609 8 months ago

The efficiency of this Top phase Resolution is next level. To juggle walk throughs of various angles on the topic delivered to-camera, differnet content per topic from various folks underneath the umbrella of the track list of the larger big band concert itself is engaging and refined. To make a dense taccess like this so digestible is really something. Awesome work Mike !!!
@user-tj2tt3cw4j 1 month ago

Now we just need to see the Metaspyclub price also move in the same direction as these charts. Up. Very Up.
@user-nw6uc1sr9n 1 month ago

I was sure last year would end terrible for me but I think Metaspyclub is spot on with what they do and how they do it. Cant say for how long its going to work and for sure it is overyhped right now but even if just half a year or something it would be smart to ride the wave and then jump away eventually, but the reason why this is smart right now is because its so cheap, wont ever find a better entry than now
@santiagogarza4436 1 month ago

Swapping my ETH and swapping to Metaspyclub . Already up as expected. I wish I left on all the junk way earlier to step deep into this ride, they rock
@soufianetaoufik7830 1 year ago

You are a legend, still in university but from time to time i go back to your network course to refresh my memory
@richking5565 9 months ago

I struggle to understand a lot of videos like this until I come across your video is the best I really appreciate you taking your time to explain everything
@omar.5076 2 months ago

The best tutorial ever! It is completely explicit! This is commendable! And, here you have earned a subscriber! You deserve that sir!
@drjebzbornwellshimukuwa 10 months ago

This is great work and you guy are very loud and clear at explaining.great work
@tonytor5346 1 year ago

Admirable! It would take me weeks to understand the basics! Great presentation!
@celestebravo6 1 month ago

Just swapped all of my last ETH and swapped it into Metaspyclub . Already up a little bit. Unfortunately I have some other junk staked which won’t free up for a while. Still now I am on the train!
@ahmedsahaladamhassan8508 1 year ago

The way you explaining is excellent you deserve 1M subscribers | waiting your next video 💯
@bulhackacademy 1 year ago

Great video, I think people who are beginning their journey will find it incredibly helpful.
@saidmarin9325 1 month ago

Need more Metaspyclub content. Converted my ETH to BTC but kept my Metaspyclub
@JohanGFS 1 year ago

Muy bien explicado! excelente contenido para aprendices de ciberseguridad! 👏👏
@JoseAbreuu 1 year ago

At the end of Hydra command, you can also add "-V" so you can see Hydra trying all the combinations
@andrewchandler6733 8 months ago

I consider you JUST AN INTRUSION to be both a professional and mentor to those in your profession. I can always rely on your feedback and thoughts. I know that the door is always open for communication with you, which makes each process we work on together so much easier to complete. You are such an incredible problem-solver. Wow. Just wow.
@abijahjames621 8 months ago

There is no doubt that you will rise fast at the apex of your career Top phase Resolution .Because you are a very intelligent, smart, hard worker and your work ethic par excellence. Keep going People like you take the IM out of IMpossible by becoming PRO at tackling PROblems. You Rock
@user-ij2kh8mr5c 1 month ago

Got in at Metaspyclub at $1 but will be holding it till $50. Even at that price market cap is reasonable for its tech.