Hydra not working with a wordlist

[Muidem]

I'm attacking my ssh server with hydra and if I give it a username and password using -l and -p it works fine. If, however, the password is contained within a wordlist, hydra skips it and does not report a successful login. I at first thought the number of tasks might be too high but even on -t1 it still skips the password if it's in a wordlist. Any ideas? Here are the commands I'm using:

works

Code:

hydra -l [username] -p [password] -t2 -f -vV 10.10.100.100 ssh2

fails

Code:

hydra -l [username] -P [path/to/wordlist] -t1 -f -vV 10.10.100.100 ssh2

UPDATE: I think the problem is that it's trying too fast. I found out that if I put the password at the very beginning of the list (the first word) then it will work as expected. If the correct password is any lower down the list than the 3rd or 4th word then it just gets skipped. I have -t1 which is as low as I can get it. I'm out of ideas at this point.

[sickness]

Try using medusa

[maestro485]

I ran into the same issue. At first I thought hydra was broken, but when I put the known password in a file with just 4 other words hydra cracked it.

Medusa is ok, but it takes absolutely forever compared to hydra. Even if you try to bump up medusa's simultaneous logins, medusa will complain and lower the number automatically because it can't keep up.

Hopefully someone can come up with a fix.

Also, for what it's worth, there is the ssh_login auxiliary module in metasploit.

If you happen to use it, there is a fairly long delay from issuing the "run" command and the module actually running -- the bigger the word list, the longer the delay (a half hour or more at times).

I don't think it's any faster than medusa, but it's there to try, and unlike medusa it doesn't continually eat up more RAM, so you don't have to keep restarting a scan while using big word lists.

[maestro485]

Also, for what it's worth, there is the ssh_login auxiliary module in metasploit.

If you happen to use it, there is a fairly long delay from issuing the "run" command and the module actually running -- the bigger the word list, the longer the delay (a half hour or more at times).

I don't think it's any faster than medusa, but it's there to try, and unlike medusa it doesn't continually eat up more RAM, so you don't have to keep restarting a scan while using big word lists.

[komafr]

hydra 6.0 will be out soon, with a ssh module fix, hope it will work in your case

[vern96]

Was happy to find this thread! Not happy that there is no answer!

Exact symptoms, known password works when in the first few of a wordlist, but is not found when placed down in the wordlist.... Tried alot of different combinations of thread/timeouts....

Hope someone comes up with an answer!

[offroadaz]

anyone found an answer yet?

[2901119]

I wish I could help im stuck at the same spot except i can't even get this working to crack my router... I've read every damn post on this forum that had the word hydra in it, and still i get the same results every time I run this tool it tells me that the first word in my list is the correct password. I've tried using http-get, and http-head. I've even tried the latest version of hydra still nothing.

[offroadaz]

Just an update to this, I downloaded version 6.1 and it works fine now

Id recommended manually installing it and using the very latest version rather then the one installed on BT

[thorin]

You could also look at ncrack from the nmap suite.