Hello,
I’m trying to get THC-Hydra working on a website form which doesn’t require a username but hydra wants me to specify it with either –l, –L or -C.
The form field in question needs the following parameters, as far as I’ve found out using Burp Suite Free Edition: password=test&do_login=yes&Submit=Log+in
I’m also not sure what service to use and what success or failure message the server sends (Burp Suite doesn't show it and the website doesn't display any message - it just refreshes and shows the same page), currently I’ve tried http-form-post with the following parameters hydra –t 5 –L users.txt –f –x 2:6:a www.<url>.com http-form-post “/protected:password=^PASS^:S=success”
(Note that I’ve specified, with –L users.txt, a username file but this is not required by the website’s form field)
The website’s form can be found under www.<url>.com/protected, how do I tell hydra to target the /protected page, and no only the www.<url>.com part?
What can I do?
Any ideas?