I’m trying to get THC-Hydra working on a website form which doesn’t require a username just the password. It is a local site of my router If I load IP then this site is comming up:
http://IP:PORT/ui/dynamic/guest-login.html?mac_addr=8c%3A70%3A5a%3Af4%3A0f%3A6c&url=http%3A%2F%2Fdetectportal.firefox.com%2Fsuccess.txt&ip_addr=172.30.192.144
I loadet the site via Bump suit and this is the result:
POST /JNAP/ HTTP/1.1
Host: XXX.30.192.189:10080
User-Agent: x
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://XXX.30.192.189:10080/ui/dynamic/guest-login.html?mac_addr=8c%3A70%3A5a%3Af4%3A0f%3A6c&url=http%3A%2F%2Fdetectportal.firefox.com%2Fsuccess.txt&ip_addr=XXX.30.192.144
Content-Type: application/json; charset=UTF-8
X-JNAP-Action: http://cisco.com/jnap/guestnetwork/Authenticate
Expires: Fri, 10 Oct 2013 14:19:41 GMT
Cache-Control: no-cache
X-Requested-With: XMLHttpRequest
Content-Length: 80
Connection: close
{"macAddress":"8c:70:5a:f4:0f:6c","ipAddress":"XXX.30.192.144","password":"lol"}
Wrong password this appears on the site: Invalid guest password. Please try again.
This is my command:
But the comment is not working correctly because I get the response all passwords are true. Is my command syntax wrong?