OWASP Exercises: Dictionary Attack using Hydra

Developed with
QA

Lab Steps

lock
Load the Virtual Machines (Kali & Hydra)
lock
Conduct the Dictionary Attack

The hands-on lab is part of this learning path

Introduction to Ethical Hacking Tools
course-steps
10
certification
3
lab-steps
15
description
9

Ready for the real environment experience?

DifficultyIntermediate
Time Limit40m
Students78
Ratings
3.8/5
starstarstarstar-halfstar-border

Description

Attackers constantly try to crack the passwords of other people in order to gain access to their accounts. The dictionary attack is one of the most common ways of attempting to crack a user's password. The attack works by attempting to use all of the words in a given dictionary file as the password for the user. If the user's password is in the dictionary used in the attack, the attacker is able to gain access. Hydra is a well-known tool for performing dictionary attacks.

In this lab, you will use Hydra to perform a dictionary attack on a locally hosted website.

Learning Objectives

Upon completion of this lab you will be able to:

  • Set up Hydra to perform a dictionary attack on a website

Intended Audience

This lab is intended for:

  • Individuals who want to learn how to defend against dictionary attacks on websites
  • Security engineers who want to understand the security level of the passwords they are using inside their company
  • Individuals who want to understand how a dictionary attack is performed

Prerequisites

This lab has no prerequisites.

 

Updates

July 9th, 2020 - Enabled direct browser RDP connection for a streamlined experience

Environment before
PREVIEW
arrow_forward
Environment after
PREVIEW
About the Author
Students864
Labs6
Courses1
Learning paths2

Richard Beck is Director of Cyber Security at QA. He works with customers to build effective and successful security training solutions tailored for business needs. Richard has over 15 years' experience in senior Information Security roles. Prior to QA, Richard was Head of Information Security for an organisation who underpin 20% of the UK's Critical National Infrastructure. Richard also held Security and Technical Management posts in the Defence, Financial Services and HMG. Richard sits on a number of security advisory panels and previously chaired the Communication Industry Personnel Security Information Exchange (CPNI). Richard is also a STEM Ambassador working to engage and enthuse young people in the area of cyber security. Providing a unique perspective on the world of cyber security to teachers and encourage young people to consider a career in cyber security.