Jump to content

THC-Hydra with password only login form


Recommended Posts

I’m trying to get THC-Hydra working on a website form which doesn’t require a username just the password. It is a local site of my router If I load IP then this site is comming up:




I loadet the site via Bump suit and this is the result:

Host: XXX.30.192.189:10080
User-Agent: x
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://XXX.30.192.189:10080/ui/dynamic/guest-login.html?mac_addr=8c%3A70%3A5a%3Af4%3A0f%3A6c&url=http%3A%2F%2Fdetectportal.firefox.com%2Fsuccess.txt&ip_addr=XXX.30.192.144
Content-Type: application/json; charset=UTF-8
X-JNAP-Action: http://cisco.com/jnap/guestnetwork/Authenticate
Expires: Fri, 10 Oct 2013 14:19:41 GMT
Cache-Control: no-cache
X-Requested-With: XMLHttpRequest
Content-Length: 80
Connection: close


Wrong password this appears on the site: Invalid guest password. Please try again.


This is my command:


hydra XXX.30.192.189:10080 http-form-post "/ui/dynamic/guest-login.html?mac_addr=8c%3A70%3A5a%3Af4%3A0f%3A6c&url=http%3A%2F%2Fdetectportal.firefox.com%2Fsuccess.txt&ip_addr=XXX.30.192.144:guest-pass=^PASS^:F=Invalid guest password. Please try again.:" -l ''  -P toplel.txt


But the comment is not working correctly because I get the response all passwords are true. Is my command syntax wrong?


Link to post
Share on other sites


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...