Posts posted by Rombro

  1. Apologies for the double post, I couldn't find the edit button. Is there one?

    Ignore the parsing alert box thing, I've figured it out. I have managed to build the wget command to log into the site and then compared the output for a successful and unsuccessful login manually. The command is:

    wget --save-cookies cookies.txt --keep-session-cookies --auth-no-challenge --post-data 'login_option=0&password=nope' http://10.1.1.1/login.cgi
    

    The login_option and login.cgi come from burpsuite output as in OP.

    Now I just need to build a script to automate it - happy days! Thanks for the help so far guys.

  2. If you send a proper request, you should see a response...

    If you already have a scripting language of choice, you truly are better off. A tool like Hydra is developed for a broad range of protocols. Any plugins, modules or firewalls this server may have installed could potentially cause Hydra to miss...

    You need to look at the traffic and investigate 2 scenarios...

    What would a failed response look like?

    What would a successful response look like?

    What I have done in the past through a scripting language: sort through your password list, processing each line with wget.

    You can then grep through the output files generated by wget.

    This is a fun subject. I encourage you to spend the time and experiment on other services as well... you will come across firewall rules that make this subject much more exciting :-)

    Like a chess game with your eyes closed.

    So I've got the response for both a failed login and a successful login. The failed one is the response in the OP, the successful one is just the router control panel page. And in the case of the hydra command I am feeding it the correct login information (or at least that is what I'm trying to do - not sure if I've got it right, that's the problem) so it should work but it still does not identify the password as correct.

    Given that the response for a fail is in the form of an alert box, how do I script something to parse through the text of an alert box? Or do I not need to do that? I'm a little confused.

  3. Hi I am very new to all this. I am trying to learn how to use Hydra. I've done some reading online and had a go at using it against my own router. I am using Burpsuite to get the POST and response info.

    My router login page does not have a field for a login only for a password. The default password being "admin".

    On trying to login to the router using an incorrect password I get the following output:

    POST /login.cgi HTTP/1.1
    Host: 10.1.1.1
    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0 Iceweasel/31.8.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://10.1.1.1/login_main.html
    Connection: keep-alive
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 28
    
    login_option=0&password=asdf
    

    and the response I get back is:

    HTTP/1.1 200 Ok
    Server: micro_httpd
    Cache-Control: no-cache
    Date: Sat, 19 Sep 2015 16:27:20 GMT
    Content-Type: text/html
    Connection: close
    
    <html>
    <head>
    <meta HTTP-EQUIV='Pragma' CONTENT='no-cache'>
    <script language="JavaScript">
    function back_page()
    {
       var loc = 'login.html';
       var code = 'location="' + loc + '"';
       eval(code);
    }
    </script>
    </head>
    <body>
    <script language="JavaScript">
         alert("Invalid password");
         back_page();
    </script>               
    </body>
    </html>
    

    Given I am just trying to test out Hydra at the moment and learn it, I figured I'd give it the correct login credentials so it only has to make one attempt. My hydra command is as follows:

    hydra -l 0 -p admin 10.1.1.1 http-post-form "/login_main.html:login_option=^USER^&password=^PASS^:Invalid password" -V
    

    However I am getting no joy. It is not able to identify "admin" as the correct password.

    Any help would be greatly appreciated.
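
On the alert-box question raised in the posts above: the router answers a failed login with `200 Ok`, so the status code says nothing, and the "alert box" is only text inside a `<script>` element of the returned HTML. The following is an added example, not code from any of the posters; it works on an already saved response body, `FAILED_BODY` is abridged from the response quoted above, and `SUCCESS_BODY` and all function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Abridged from the failed-login response quoted in the post above.
FAILED_BODY = """<html><head>
<script language="JavaScript">
function back_page() { var loc = 'login.html'; eval('location="' + loc + '"'); }
</script></head>
<body>
<script language="JavaScript">
     alert("Invalid password");
     back_page();
</script>
</body></html>"""

# Constructed stand-in for the control panel page (real content is not on the page).
SUCCESS_BODY = "<html><head><title>Router</title></head><body><h1>Status</h1></body></html>"

# Matches alert("...") or alert('...') and captures the message text.
ALERT_RE = re.compile(r"""alert\(\s*(["'])(.*?)\1\s*\)""")

class ScriptText(HTMLParser):
    """Collects only the text found inside <script> elements."""
    def __init__(self):
        super().__init__()
        self.in_script = False
        self.chunks = []
    def handle_starttag(self, tag, attrs):
        self.in_script = self.in_script or tag == "script"
    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
    def handle_data(self, data):
        if self.in_script:
            self.chunks.append(data)

def alert_messages(body):
    """Return the message of every alert() call in the page's inline scripts."""
    parser = ScriptText()
    parser.feed(body)
    parser.close()
    return [m.group(2) for m in ALERT_RE.finditer("\n".join(parser.chunks))]

def login_failed(body, marker="Invalid password"):
    """True when an inline alert() carries the failure marker."""
    return any(marker in msg for msg in alert_messages(body))
```

Restricting the match to script content avoids a false "failed" verdict when the same words appear as ordinary page text.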
