What is the main function of Hydra in cybersecurity tasks?
A) Hash password encryption
B) Crack login credentials over network services
C) Scan for open ports
D) Create secure passwords
B) Crack login credentials over network services
What type of file does John the Ripper need to begin cracking passwords?
A) Log file
B) Hashed password file
C) Port list
D) IP address list
B) Hashed password file
Why are dictionary attacks faster than incremental attacks?
A) Use GPU
B) Try known, common passwords
C) Skip login
D) Reverse hashes
B) Try known, common passwords
Which of these defenses can stop brute-force attacks? (Choose two)
A) Lockout after failed attempts
B) No password login
C) Rate limiting
D) Using plaintext passwords
A) Lockout after failed attempts
C) Rate limiting
Which Hydra option displays each login attempt in real-time?
A) -v
B) -X
C) -P
D) -V
D) -V
What protocol would this Hydra command attack?
hydra -l root -P passwords.txt ssh://192.168.1.10
A) FTP
B) SSH
C) HTTP
D) RDP
B) SSH
What is a common password list used by attackers?
A) darklist.txt
B) secrets.txt
C) rockyou.txt
D) tokens.json
C) rockyou.txt
What is the legal requirement for using brute-force tools like Hydra on a system?
A) Explicit permission
B) VPN access
C) Internet access
D) Strong wordlist
A) Explicit permission
What does the -l flag in Hydra specify?
A) Login name
B) Log file
C) Line count
D) Listen port
A) Login name
Hydra is primarily used to attack which of the following targets?
A) Password hashes
B) Firewall rules
C) Encrypted archives
D) User accounts on network services
D) User accounts on network services
Which John the Ripper version supports cracking a wider range of hash types?
A) Standard
B) Jumbo
C) Trial
D) Admin
B) Jumbo
What kind of transformation is a hash?
A) One-way
B) Bi-directional
C) Reversible
D) Encrypted
A) One-way
Which of the following would make a password harder to brute-force?
A) Repeating characters
B) Dictionary words
C) Random length and symbols
D) Your pet’s name
C) Random length and symbols
What would -t 16 do in Hydra?
A) Test 16 usernames
B) Use 16 threads for speed
C) Time delay of 16 seconds
D) Try 16 passwords
B) Use 16 threads for speed
Which of the following is NOT a feature of Hydra?
A) Protocol support
B) Multi-threaded attack
C) Password hash cracking
D) Login brute-forcing
C) Password hash cracking
What’s a major difference between John and Hydra?
A) John works online
B) Hydra cracks hashes
C) John cracks offline password hashes
D) Hydra defends against attacks
C) John cracks offline password hashes
What is a common reason brute-force attacks succeed?
A) Passwords are too strong
B) Firewalls too strict
C) Users choose weak or reused passwords
D) Encryption outdated
C) Users choose weak or reused passwords
Which of these is NOT a good way to protect against brute-force?
A) Strong passwords
B) 2FA
C) Saving passwords in a text file
D) Lockout policies
C) Saving passwords in a text file
What command cracks a hash file using rockyou.txt with John the Ripper?
john --wordlist=/usr/share/wordlists/rockyou.txt hash.txt
What does the -p flag in Hydra represent?
A) Port
B) Protocol
C) Password
D) Payload
C) Password
Which of the following hash types can John the Ripper crack?
A) MD5
B) SHA1
C) bcrypt
D) All of the above
D) All of the above
Why is salting important in password storage?
A) Shortens the hash
B) Adds randomness to prevent rainbow table attacks
C) Removes duplicate users
D) Encrypts password
B) Adds randomness to prevent rainbow table attacks
You’re testing a login page on your own server. What must you do before running Hydra?
A) Change DNS
B) Use John first
C) Get authorization
D) Save logs
C) Get authorization
Which John the Ripper command shows cracked passwords?
john --show hash.txt