Forum Thread: Issue Regarding Hydra Password List

Hey all,

I was wondering if anyone could advise:
I have a VPS that i am using to practice and understand ethical hacking.

When I use a large password list with hydra i notice that if i place the known password after about the 90th password, it never picks it up as being the correct password.

Here is my command:
"proxychains hydra -l root -P /root/Downloads/TestList.txt IPHERE ssh -V -v"

The output in the auth.log on the server im attacking says:
"Disconnecting: Too many authentication failures for root preauth"

Does this mean that my hydra is running too fast? Do i need to slow it down some how, and if so - how?

3 Responses

Brillant, thanks for the reply!

So, assuming that the MaxAuthTries is 30 for a standard machine, how do I go about slowing down hydra so that it never hits this limit and blocks attempts to log in?

From what I've read the default numbers of thread hydra runs at is 16. Using the -t switch you can change this; for example if you want to bring the number of threads down to 3 just do proxychains hydra -t 3 -l root -P /root/Downloads/TestList.txt IPHERE ssh -V -v. I don't know if this will actually bypass the MaxAuthTries but it will slow down hydra.

Cheers,
Washu

Share Your Thoughts

  • Hot
  • Active