Forum Thread: Every time when I use Hydra to attack on gmail, it gives me a new wrong password at every new attempt. Why is that so?

3 Responses

I have had this problem before when trying to dictionary attack my router with hydra. I got it to work by nmapping my router (nmap -T4 -A -v {my router ip}) and I found out that it was because I was using the default port so I used the -s option to select a port that was open on my router that I found from the nmap scan. Then it stopped giving me false passwords. Try this out! (The command to find the open ports for gmail.com would be: nmap -v -A gmail.com. Then when you find an open port use the -s option to use that open port and it shouldn't give you false passwords after that! Good luck ! :P (If you can't find any open ports use 80 or 443)

Thanks, buddy! :)
Gonna try it rn.

Gmail and a lot of sites nowadays will stop all attempts from a certain IP after a number of attempts in a certain time period. I think proxy chaining can work around this but I've never done it before. Also, I don't know if it is true, but it would make sense for such a big company like Google to instead of banning the IP to temporary deactivate the account so if the hacker was to change IPs after a number of logins to the account it would be temporarily disabled.

Basically websites will ban/disable the ip/account after a number of attempts in a certain time period.

Share Your Thoughts

  • Hot
  • Active