How to HACK Website Login Pages | Brute Forcing with Hydra

Published 2022-09-20

00:00 Why target login pages?
00:23 Types of attack
02:19 Setup with Hack the Box
03:46 Command format
05:31 Dictionary attack
16:48 How to protect ourselves
17:28 Outro

Most websites have login pages, and in this video I'm going to show you how to hack them!

So why target login pages? Well, behind every login page is access to confidential information or even administrator-level access.

This is gold dust for hackers! So as penetration testers or bug bounty hunters, it's extremely valuable for us as well.

So how do we actually go about hacking a login page?

There are two main types of attack we can use here: brute forcing and dictionary attacks.

A brute force attack is where you try every possible password that exists. For example, we might start with A, then AA, then AAA, then AAB, and so on and so on until the correct password is found.

In theory, this will eventually find the correct password, no matter what it is. However, the time it takes can vary greatly.

For example, finding a 5-character password with only lowercase letters could take seconds. A 16-character password with numbers, uppercase and special characters, however, could take millions of years!

This is why we use the second type of attack called a dictionary attack. A dictionary attack is actually a type of brute force.

But instead of trying every possible combination of letters, numbers and symbols, we use a prebuilt list of possible passwords.

We humans are not as smart as we like to think! We tend to use passwords that are easy to type and easy to remember, and we even reuse that same password over and over again.

So we can use lists of passwords containing words, phrases and known passwords from past data breaches and there is a good chance we will find a match.
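The two attack types described above, seen from the defender's side, as an added example that is not part of the video: a password audit that rejects anything a wordlist would find and estimates the worst-case exhaustive search time for the rest. The guess rate, the acceptance threshold and the wordlist are constructed assumptions.

```python
import string

# All three constants are assumptions made for this illustration.
GUESSES_PER_SECOND = 1_000_000_000   # offline-style rate; web logins are far slower
MIN_YEARS = 1_000                    # hypothetical policy threshold
SAMPLE_WORDLIST = ["password", "123456", "qwerty", "letmein", "dragon", "summer2022"]

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
SECONDS_PER_YEAR = 365 * 24 * 3600


def charset_size(password):
    """Alphabet size an exhaustive search must cover (printable ASCII only)."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def keyspace(password):
    """Candidates of every length up to len(password): N + N^2 + ... + N^L."""
    n = charset_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def brute_force_years(password, rate=GUESSES_PER_SECOND):
    """Worst-case time to try the whole keyspace at the assumed rate."""
    return keyspace(password) / rate / SECONDS_PER_YEAR


def dictionary_guesses(password, wordlist=SAMPLE_WORDLIST):
    """Guesses a dictionary attack needs (1-based), or None if not listed.
    Case is ignored because simple case variants are cheap to try."""
    lowered = password.lower()
    return wordlist.index(lowered) + 1 if lowered in wordlist else None


def audit(password):
    """Return (verdict, reason) for a candidate password."""
    hit = dictionary_guesses(password)
    if hit is not None:
        return ("reject", f"in wordlist, guess #{hit}")
    years = brute_force_years(password)
    if years < MIN_YEARS:
        return ("reject", f"keyspace exhausted in {years:.3g} years")
    return ("accept", f"keyspace needs {years:.3g} years")


if __name__ == "__main__":
    for pw in ("abcde", "Summer2022", "vT7#qLm2&Zr9!xKd"):
        print(pw, audit(pw))
```

A ten-character password with mixed case and digits still falls on the sixth guess once it appears in a list, which is why length rules alone are not a sufficient policy.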

Luckily, we don't need to type these passwords ourselves. There are plenty of tools we can use to do this for us. Probably the most popular one is called Hydra.

Hydra is a free tool used to hack logins, and it's what we are going to us

All Comments (21)
  • @bhils
    Love the Metaspyclub content. I think this project is just as essential as HBAR and they both will be great movers
  • @feliciaware7609
    The efficiency of this Top phase Resolution is next level. To juggle walk throughs of various angles on the topic delivered to-camera, different content per topic from various folks underneath the umbrella of the track list of the larger big band concert itself is engaging and refined. To make a dense taccess like this so digestible is really something. Awesome work Mike !!!
  • @omar.5076
    The best tutorial ever! It is completely explicit! This is commendable! And, here you have earned a subscriber! You deserve that sir!
  • You are a legend, still in university but from time to time I go back to your network course to refresh my memory
  • @user-jd6mg2ht8t
    This man really hit the ground running and hasn't stopped yet. He gives us more understanding of him without interviews and negative antics he just shows us who he is through the Recovery. True living legend. We salute you. Just An Intrusion. The execution, creativity, and goodness that came from it were inspiring on a number of levels. Cheers Alex looking forward to seeing what you do next!
  • @richking5565
    I struggle to understand a lot of videos like this until I come across your video is the best I really appreciate you taking your time to explain everything
  • @tonytor5346
    Admirable! It would take me weeks to understand the basics! Great presentation!
  • @Ayak5990
    This man really hit the ground running and hasn't stopped yet. He gives us more understanding of him without interviews and negative antics he just shows us who he is through the Recovery. True living legend. We salute you. Top phase Resolution. The execution, creativity, and goodness that came from it were inspiring on a number of levels. Cheers Olivia & looking forward to seeing what you
  • The way you explaining is excellent you deserve 1M subscribers | waiting your next video 💯
  • Great video, I think people who are beginning their journey will find it incredibly helpful.
  • @JohanGFS
    Very well explained! Excellent content for cybersecurity learners!
  • I consider you JUST AN INTRUSION to be both a professional and mentor to those in your profession. I can always rely on your feedback and thoughts. I know that the door is always open for communication with you, which makes each process we work on together so much easier to complete. You are such an incredible problem-solver. Wow. Just wow.
  • @abijahjames621
    There is no doubt that you will rise fast at the apex of your career Top phase Resolution. Because you are a very intelligent, smart, hard worker and your work ethic par excellence. Keep going People like you take the IM out of IMpossible by becoming PRO at tackling PROblems. You Rock
  • @JoseAbreuu
    At the end of Hydra command, you can also add "-V" so you can see Hydra trying all the combinations
  • @Jackpolo937
    Most websites block brute force attacks by banning IP addresses with X failed login attempts
  • Thanks a lot, your explanation is so good that I enjoyed every minute of this video.. Great job!!!