xHydra

*xHydra is a dictionary attack tool, by which we can make a Word List attack. What we need to do is just to download a huge 2 Word List files, by which, xHydra can crosscheck the UserName & the Password on the remote PC – our target\victim.*

But 1st, we need a Word List files…pssttt…heyyy…come closer, let me tell you a secret, there is a folder inside Kali Linux by the default, that contains a huge Word List.
Now you probably asking yourself where is that folder? It’s pretty easy, just open a terminal and navigate to:
assault@kalivm:~$ cd /usr/share/wordlist

*You should get this*

WordList

As you can see at the picture above, there is a file that called: rockyou.txt.gz. There are 2 reasons why this file is marked in red color.
Reason 1, becasue the file is compressed by zip.
Reason 2, the file is compressed because, this is a huge txt file of 51MB size (and this is a zip file), this is huge! for txt file.
You can check the file size yourself, there are 2 ways to check the file size on Linux.
*Way 1*
Open termial & type:
assault@kalivm:~$ sudo du -h rockyou.txt.gz
*Way 2*
assault@kalivm:~$ sudo xdg-open /usr/share/wordlist/
*Now, hit right click on the wordlist.txt.gz package & properties – like in Windows OS*

*Let’s navigate to rockyou.txt folder & copy the file into /Documents folder & unzip the file*
Open terminal & type 1 by 1:
assault@kalivm:~$ cd /usr/share/wordlist
assault@kalivm:~$ ls
assault@kalivm:~$ sudo cp rockyou.txt.gz /home/tux/Documents
assault@kalivm:~$ cd
assault@kalivm:~$ cd ~/Documents
assault@kalivm:~$ ls
assault@kalivm:~$ sudo gzip -d rockyou.txt.gz
assault@kalivm:~$ ls
*As you can see, now the rockyou.txt file is unzipped & ready to go*

 

[HOW TO RUN XHYDRA]
#1) Open termial & type:
assault@kalivm:~$ sudo xhydra

 

*You should get this*

App

 

#2) Now let’s fill in the details about our target

*Target tab*
(Target)
*Single Target=192.168.50.7*
*Port=3389*
*Protocol=rdp*
(Output Option)
*Check=Show Attempts*
*Check=Be Verbose*

*Like this*

Conf-target

 

 

*Password tab*
(Username)
*Check=Username List*
*Click on the blank area and add the wordlist.txt file*
(Password)
*Check=Password List*
*Click on the blank area and add the password.txt file*
(At the bottom)
*Check= Try login as password*

*Like this*

Password-target

*Now, go to Start tab, and hit start at the right bottom of the tab, and wait until something will comes up – it could take some time*

*Until you will get this*

Target-hacked

*Now, xHydra opened an RDP session onto your target!*

 

ENJOY! 🙂

 

Here is an example by Gamer Forever