Hi I am very new to all this. I am trying to learn how to use Hydra. I've done some reading online and had a go at using it against my own router. I am using Burpsuite to get the POST and response info.
My router login page does not have a field for a login only for a password. The default password being "admin".
On trying to login to the router using an incorrect password I get the following output:
POST /login.cgi HTTP/1.1
Host: 10.1.1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0 Iceweasel/31.8.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://10.1.1.1/login_main.html
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 28
login_option=0&password=asdf
and the response I get back is:
HTTP/1.1 200 Ok
Server: micro_httpd
Cache-Control: no-cache
Date: Sat, 19 Sep 2015 16:27:20 GMT
Content-Type: text/html
Connection: close
<html>
<head>
<meta HTTP-EQUIV='Pragma' CONTENT='no-cache'>
<script language="JavaScript">
function back_page()
{
var loc = 'login.html';
var code = 'location="' + loc + '"';
eval(code);
}
</script>
</head>
<body>
<script language="JavaScript">
alert("Invalid password");
back_page();
</script>
</body>
</html>
Given I am just tryint to test out Hydra at the moment and learn it I figured I'd give it the correct login credentials so it only has to make one attempt. My hydra command is as follows:
hydra -l 0 -p admin 10.1.1.1 http-post-form "/login_main.html:login_option=^USER^&password=^PASS^:Invalid password" -V
However I am getting no joy. It is not able to identify "admin" as the correct password.
Any help would be greatly appreciated.