> For the complete documentation index, see [llms.txt](https://sarpers-organization.gitbook.io/ctftricks/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://sarpers-organization.gitbook.io/ctftricks/_chapter-intro-11/bruteforce/ssh/trick-0388.md).

# SSH Brute-Force with Hydra

***

To perform an online brute-force attack against an SSH service using Hydra, targeting specific user credentials:

```bash
hydra -l <username> -P <password_list> ssh://target1.ine.local
```

This command uses the `-l` flag for a single username or `-L` for a username list, and the `-P` flag for a password list (e.g., `/usr/share/metasploit-framework/data/wordlists/unix_passwords.txt`) to attempt to guess the correct password for the target SSH server.

To use a list of usernames instead of a single one, the command would look like this:

```bash
hydra -L /root/users.txt -P /root/passwords.txt ssh://192.168.1.1
```

This uses `/root/users.txt` as the list of potential usernames and `/root/passwords.txt` as the list of potential passwords.

Several other options can be useful for optimizing or controlling the attack. The `-vV` flag provides verbose output, showing more details about the attack progress. The `-t` flag allows specifying the number of parallel tasks or connections to use, for example, `-t 16`. The `-f` flag can be used to exit after the first successful login is found. You can specify a different SSH port using the `-s` flag, for example, `-s 2222`. Output can be saved to a file using the `-o` flag.

The target can also be specified by placing the service after the target IP or hostname, like this:

```bash
hydra -L users.txt -P passwords.txt 192.168.1.1 ssh
```
