Where the hacker uses several usernames and passwords to login, known as brute-force
How to do Bruteforce attack
By the way there are many tools available to do Bruteforce, but we will use a great tool here which is the tool of Kali linux called Hydra.
💡 Brute Force attack is an attack that applies the gassed name, but think through an argument, it will take a lot of time but will definitely log in
Hack using Hydra tool
Example Security label : 0,1 & 5
- First open Hydra tool in kali linux
- Now copy the URL of the form where the form is being posted.
- Check the three parameters(username/password/message) of the form and do it according to the Hydra tool
[email protected]~: hydra-L /root/Desktop/userlist.txt -P /root/Desktop/passwordlist.txt locolhost "/mutillidae/index.php?username=^USER^&password=^PASS^&login-php-submit-button=Login:Password incorrect"
- /root/Desktop/password.txt : The password.txt is a dictonary many password list
- /root/Desktop/username.txt : The username.txt is a dictonary many username list
- /mutillidae/index.php?username=^USER^&password=^PASS^&login-php-submit-button=Login:Password incorrect : This is form post Url to set parameter
Live hacking example
- Create a dictionary file of a username list, or download it from what I have Download now
- Create a dictionary file of a password list, or download it from what I have Download now
- Now you follow the given example and use the location of the username and password file correctly.
- If the username and password match with the file you have given, then you will immediately get it in green color, as seen in the example.
- Always remember one thing, it takes time to make brute force, this Depend is on the file given by you, according to the username and password will be
After being finally bruteforce, you got the list of username and password. Now try to Login
💡 Tip: Bruteforce takes too long, it depends on the user's name and password dictionary list, so please be patient