Search the Community

Hi, I am trying to learn penetration testing and am using THC Hydra. What is the syntax for Hydra if I am trying to use the -x option ( charset, to determine password length and content)? I want to use special characters, minimum 6, maximum 10 characters. I am working with Windows 10. Could you include an example?

hydra 190.13.132.90 -s 8081 -V -L /home/nicolas/Escritorio/USER -P /home/nicolas/Escritorio/passwords.txt http-post-form "/user=^USER^&password=^PASS^=Ingresar&culture=es-CL&mobile=0&clasica=1:F=Usuario inexistente:H=Cookie: stwa2={"lang":"es-CL"}" Hydra v8.7-dev (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes. Hydra (http://www.thc.org/thc-hydra) starting at 2018-04-29 14:34:51 [ERROR] the variables argument needs at least the strings ^USER^, ^PASS^, ^USER64^ or ^PASS64^: F=Usuario inexistente Could anyone write the correct string to use in hydra please? I’m a noob using hydra ? The username is Gonzalo Sepulveda. The full URL of the login is: http://190.13.132.90:8081/

So I want to audit a few SSH servers. I want to save the output of THC-Hydra to a file then use the out of the file as variables in the next step of auditing. Trying to automate this this as much as possible. hydra syntax: hydra -o /root/Desktop/cracked.txt -l donkeypuncher -P /root/Desktop/thepassword.txt -s 22 10.42.0.196 ssh I want to use the output from the saved text file for the next step. I can get this a number of ways. this is simple. cat /root/Desktop/cracked.txt | tail -1 I get this output here:: [22][ssh] host: 10.42.0.196 login: donkeypuncher password: fistingtiffany I want to pretty much save the host, user, and password variables so I can use them in my script in the next couple of steps. How do I go about this?

Hey Guys, I'm stuck up with this for a long time now. I've just started out on learning various basic techniques used for navigating around various security mechanisms. I referred a number of posts around the web about brute forcing routers with Hydra. Most of the articles are focused on beating the basic authentication provided by HTTP. And the links that describe brute forcing web logins do not seem to work when I've tried. My router is a DLINK DSL2750U ADSL Router left aside for testing purposes. Even most of other routers I tried consists of such web interface which is first loaded and a custom authentication web form using HTTP POST. I used this link as my main reference in understanding the process of bruteforcing. Here's a snapshot of my router's web based login page. As you see, a login form is presented and the username is given as a drop down consisting of only one element "admin". Also the login page is at 192.168.1.1/cgi-bin/webproc. Here is the source of the login page: router-login.source.txt To build up the command to execute hydra on this web form, I used BurpSuite. On intercepting the bad response, this is what I get : Once a wrong password is entered, the error message displayed is as below : The link does not change on the error message and the error message itself comes as a pop-up. Right clicking on the screen is set to off as well. At first, I ran my hydra command as below: hydra -l "" -P "/root/pass.txt" 192.168.1.1 http-post-form "/cgi-bin/webproc:%3Ausername=^USER^&%3Apassword=^PASS^&%3Aa ction=Login:"Username or Password wrong:H=Cookie: %3Asessionid=68b3e673" This gives the hydra output as matching ALL passwords as correct in the dictionary. So I figure my incorrect/fail section for hydra is not right. Since my routers failed login does not give out any proper information, I tried looking at the "S=" option for the incorrect/fail section of hydra. I noticed that on successfully logging in I'm being redirected to link given below: http://192.168.1.1/cgi-bin/webproc?getpage=html/index.html&errorpage=html/main.html&var:language=en_us&var:menu=setup&var:page=wizard So I modified my hydra command to the following : hydra -l "" -P "/root/pass.txt" 192.168.1.1 http-post-form "/cgi-bin/webproc:%3Ausername=^USER^&%3Apassword=^PASS^&%3Aa ction=Login:S=?getpage=html/index.html&errorpage=html/main.html&var:language=en_us&var:menu=setup&varage=wizard:H=Cookie: %3Asessionid=68b3e673" Now the output of hydra does not match any password in the list file. I've been trying many ways to get this done but am stuck up. Any help pointing towards the right direction would be helpful. If there's any more information you would want to know to help me out, please let me know. Looking to solving this somehow!! :(:( please help me. Now I'm just trying many permutations and combinations with the hydra arguments.Still no progress!

Hello, I’m trying to get THC-Hydra working on a website form which doesn’t require a username but hydra wants me to specify it with either –l, –L or -C. The form field in question needs the following parameters, as far as I’ve found out using Burp Suite Free Edition: password=test&do_login=yes&Submit=Log+in I’m also not sure what service to use and what success or failure message the server sends (Burp Suite doesn't show it and the website doesn't display any message - it just refreshes and shows the same page), currently I’ve tried http-form-post with the following parameters hydra –t 5 –L users.txt –f –x 2:6:a www.<url>.com http-form-post “/protected:password=^PASS^:S=success” (Note that I’ve specified, with –L users.txt, a username file but this is not required by the website’s form field) The website’s form can be found under www.<url>.com/protected, how do I tell hydra to target the /protected page, and no only the www.<url>.com part? What can I do? Any ideas?

Hello, I'm trying to hack into my router (Not doing anything nefarious) Can I get some help with the '/login.cgi' part? hydra 192.168.1.254 http-form-post "/login.cgi:sessionKey=177691457&inputUserName=^USER^&inputPassword=^PASS^:err" -L admin -P pass.txt -t 10 -w 30 -o hydra-http-post-attack.txt I'm guessing that in the current state even if hydra was to get the password correct it would still respond in "msg=err". Because I need to have a proper session key. Also any idea what "nothankyou=1" is? Do I need to have that in the command? Is there like a cookie file I have to use to generate session keys? Also ":err" is like a . "If response is not 'err' then that was a correct password" Is this piece correct? The browser returns "http://192.168.1.254/index.html?msg=err" Should it be ":msg=err"? Thanks for your help. POST http://192.168.1.254:80/login.cgi HTTP/1.1 Host: 192.168.1.254 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://192.168.1.254/ Cookie: Telus=T1200H-31.128L.07 Connection: keep-alive Upgrade-Insecure-Requests: 1 Content-Type: application/x-www-form-urlencoded Content-length: 68 sessionKey=1286954970&inputUserName=as&inputPassword=fd&nothankyou=1

Hi everyone, I have recently getting into hacking and after multiple videos, guides, and tutorials I decided to use Hydra and brute force my router. I was figuring out how everything worked, until I ran across one problem - the login error comes in the form of an alert box. After 2 hours of searching the web for solutions I have decided to come here. I used Burp to get the login form, but when I enter it the program runs 16 passwords, returns them all as valid, then stops. Everything would help, even a guide for me to read if I'm just doing something stupid. Thanks

Yo Hak5 Comm! Hope everyone is well. So I have a confession to make: I forgot my router login credentials. That having been said , I have a plan of attack: Backtrack 5r3 in VM ware on my iMac (that is hardlined ) to my Century Link all in one (I know I know ) Is there any reason Hydra can't bruit force a Century Link router? I think it's still an https protocol so I personally don't see why not. BUT I wanna make sure from those who have more experience than I. Also Hydra can accept .txt lists right? Or does it really need something like a .lst format? Thanks as always!! B)