In this recipe, we will crack HTTP passwords using the THC-Hydra password cracker (Hydra). Access to websites and web applications are generally controlled by username and password combinations. As with any other password type, users typically type in weak passwords.
A connection to the Internet or intranet and a computer that we can use as our victim are required to complete this recipe.
Let's begin the process of cracking HTTP passwords.
From the Start menu, select Applications | Kali Linux | Password Attacks | Online Attacks | hydra-gtk.
Now that we have Hydra started, we will need to set our word lists. Click on the Passwords tab. We will use a username list and a password list. Enter the location of your username and password lists. Also select Loop around users and Try empty password.
Username List:
/usr/share/wfuzz/wordlist/fuzzdb/wordlists-user-passwd/names/nameslist.txt
Password List:
/usr/share/wfuzz/wordlist/fuzzdb/wordlists-user...