refr3sh Posted December 2, 2016 Share Posted December 2, 2016 Hello, I’m trying to get THC-Hydra working on a website form which doesn’t require a username but hydra wants me to specify it with either –l, –L or -C. The form field in question needs the following parameters, as far as I’ve found out using Burp Suite Free Edition: password=test&do_login=yes&Submit=Log+in I’m also not sure what service to use and what success or failure message the server sends (Burp Suite doesn't show it and the website doesn't display any message - it just refreshes and shows the same page), currently I’ve tried http-form-post with the following parameters hydra –t 5 –L users.txt –f –x 2:6:a www.<url>.com http-form-post “/protected:password=^PASS^:S=success” (Note that I’ve specified, with –L users.txt, a username file but this is not required by the website’s form field) The website’s form can be found under www.<url>.com/protected, how do I tell hydra to target the /protected page, and no only the www.<url>.com part? What can I do? Any ideas? Quote Link to comment Share on other sites More sharing options...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.