How to HACK Website Login Pages | Brute Forcing with Hydra


🃏 CCNA Flashcards –

Get a great book –
Take a video course –
Use practice exams –

Twitter –
Instagram –
LinkedIn –
Discord –

Disclaimer: These are affiliate links. If you purchase using these links, I’ll receive a small commission at no extra charge to you.

HackTheBox Academy

Learn to hack with HackTheBox Academy ▶
Start the Bug Bount Hunter Training ▶
Put your skills to the test with HackTheBox ▶

00:00 Why target login pages?
00:23 Types of attack
02:19 Setup with Hack the Box
03:46 Command format
05:31 Dictionary attack
16:48 How to protect ourselves
17:28 Outro

Most websites have login pages and in this video, I’m going to show you how to hack them!

So why target login pages? Well, behind every login page is access to confidential information or even administrator-level access.

This is gold dust for hackers! So as penetration testers or bug bounty hunters, it’s extremely valuable for us as well.

So how do we actually go about hacking a login page?

There are two main types of attacks we can use here. Brute forcing and dictionary attacks.

A brute force attack is where you try every possible password that exists. For example, we might start with A, then AA, then AAA, then AAB, and so on and so on until the correct password is found.

In theory, this will eventually find the correct password, no matter what it is. However, the time it takes can vary greatly.

For example, finding a 5-character password with only lowercase letters could take seconds. A 16-character password with numbers, uppercase and special characters, however, could take millions of years!

This is why we use the second type of attack called a dictionary attack. A dictionary attack is actually a type of brute force.

But instead of trying every possible combination of letters, numbers and symbols, we use a prebuilt list of possible passwords.

Us humans are not as smart as we like to think! We tend to use passwords that are easy to type, easy to remember and even reuse that same password over and over again.

So we can use lists of passwords containing words, phrases and known passwords from past data breaches and there is a good chance we will find a match.

Lucky we don’t need to type these passwords ourselves. There are plenty of tools we can use to do this for us. Probably the most popular one is called Hydra.

Hydra is a free tool used to hack logins, and it’s what we are going to use today.


Leave a Reply

Your email address will not be published. Required fields are marked *