This repository replicates a controlled environment where a brute force attack is practiced on a vulnerable server. Docker was used to facilitate the distribution of the project.
-
clone repo.
git@github.com:Branyoe/brute-force_lab.git
-
run compose app.
docker compose up -d
-
paste your dictionary.txt file in the dictionaries directory.
-
watch attacked container logs.
docker logs attacked -f
-
in another console instance, inspect docker compose network to see attacked container IP.
docker network inspect brute-force_lab_default
-
in another console instance, access to attacker container console.
docker exec -it attacker /bin/bash -
run attack.
hydra \ -l <target_user> \ -P /dictionaries/<dictionary_name>.txt \ <target_ip> -s <target_port> \ http-form-post \ "/<target_endpoint>:<body_req_user_key>=<target_user>&<body_req_password_key>=^PASS^:<successfully_msg>"
-
espected result.
