Jump to content

THC-Hydra with password only login form


Recommended Posts

I’m trying to get THC-Hydra working on a website form which doesn’t require a username just the password. It is a local site of my router If I load IP then this site is comming up:




I loadet the site via Bump suit and this is the result:

Host: XXX.30.192.189:10080
User-Agent: x
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://XXX.30.192.189:10080/ui/dynamic/guest-login.html?mac_addr=8c%3A70%3A5a%3Af4%3A0f%3A6c&url=http%3A%2F%2Fdetectportal.firefox.com%2Fsuccess.txt&ip_addr=XXX.30.192.144
Content-Type: application/json; charset=UTF-8
X-JNAP-Action: http://cisco.com/jnap/guestnetwork/Authenticate
Expires: Fri, 10 Oct 2013 14:19:41 GMT
Cache-Control: no-cache
X-Requested-With: XMLHttpRequest
Content-Length: 80
Connection: close


Wrong password this appears on the site: Invalid guest password. Please try again.


This is my command:


hydra XXX.30.192.189:10080 http-form-post "/ui/dynamic/guest-login.html?mac_addr=8c%3A70%3A5a%3Af4%3A0f%3A6c&url=http%3A%2F%2Fdetectportal.firefox.com%2Fsuccess.txt&ip_addr=XXX.30.192.144:guest-pass=^PASS^:F=Invalid guest password. Please try again.:" -l ''  -P toplel.txt


But the comment is not working correctly because I get the response all passwords are true. Is my command syntax wrong?


Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...