Hydra is a login cracker that supports many protocols to attack ( Cisco AAA, Cisco auth, Cisco enable, CVS, FTP, HTTP(S)-FORM-GET, HTTP(S)-FORM-POST, HTTP(S)-GET, HTTP(S)-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MySQL, NNTP, Oracle Listener, Oracle SID, PC-Anywhere, PC-NFS, POP3, PostgreSQL, RDP, Rexec, Rlogin, Rsh, SIP, SMB(NT), SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP).

To open it, go to Applications → Password Attacks → Online Attacks → hydra.

In this case, we will brute force FTP service of metasploitable machine, which has IP

We have created in Kali a word list with extension ‘lst’ in the pathusr\share\wordlist\metasploit.

The command will be as follows −

hydra -l /usr/share/wordlists/metasploit/user -P /usr/share/wordlists/metasploit/ passwords –V

where –V is the username and password while trying


Johnny is a GUI for the John the Ripper password cracking tool. Generally, it is used for weak passwords.

To open it, go to Applications → Password Attacks → johnny.

In this case, we will get the password of Kali machine with the following command and a file will be created on the desktop.

Click “Open Passwd File” → OK and all the files will be shown as in the following screenshot

Click “Start Attack”.

After the attack is complete, click the left panel at “Passwords” and the password will be unshaded


john is a command line version of Johnny GUI. To start it, open the Terminal and type “john

In case of unshadowing the password, we need to write the following command −

[email protected]:~# unshadow passwd shadow > unshadowed.txt


The RainbowCrack software cracks hashes by rainbow table lookup. Rainbow tables are ordinary files stored on the hard disk. Generally, Rainbow tables are bought online or can be compiled with different tools.

To open it, go to Applications → Password Attacks → click “rainbowcrack”.

The command to crack a hash password is −

rcrack path_to_rainbow_tables -f path_to_password_hash

Leave a Reply

Your email address will not be published. Required fields are marked *