Forum Thread: Issue Regarding Hydra Password List

Hey all,

I was wondering if anyone could advise:
I have a VPS that i am using to practice and understand ethical hacking.

When I use a large password list with hydra i notice that if i place the known password after about the 90th password, it never picks it up as being the correct password.

Here is my command:
"proxychains hydra -l root -P /root/Downloads/TestList.txt IPHERE ssh -V -v"

The output in the auth.log on the server im attacking says:
"Disconnecting: Too many authentication failures for root preauth"

Does this mean that my hydra is running too fast? Do i need to slow it down some how, and if so - how?

4 Responses

Brillant, thanks for the reply!

So, assuming that the MaxAuthTries is 30 for a standard machine, how do I go about slowing down hydra so that it never hits this limit and blocks attempts to log in?

From what I've read the default numbers of thread hydra runs at is 16. Using the -t switch you can change this; for example if you want to bring the number of threads down to 3 just do proxychains hydra -t 3 -l root -P /root/Downloads/TestList.txt IPHERE ssh -V -v. I don't know if this will actually bypass the MaxAuthTries but it will slow down hydra.

Cheers,
Washu

hey guys ,

sry for getting back on an old track but i m new to ehical haking and need some help as i ve a bigger problem which is i created a small wordlist of about 15 passwords and when i run hydra to crack my own gmail acc it gives me a wrong pass as a valid one d sometimes it doesnt give me anything .. what to do!! please help

hydra -S -l<username> -P<password list> -e ns -V -s 465 smtp.gmail.com smtp

thanks .....

Share Your Thoughts

  • Hot
  • Active