Jump to content

THC-Hydra with password only login form


nigco

Recommended Posts

I’m trying to get THC-Hydra working on a website form which doesn’t require a username just the password. It is a local site of my router If I load IP then this site is comming up:

 

http://IP:PORT/ui/dynamic/guest-login.html?mac_addr=8c%3A70%3A5a%3Af4%3A0f%3A6c&url=http%3A%2F%2Fdetectportal.firefox.com%2Fsuccess.txt&ip_addr=172.30.192.144

 

I loadet the site via Bump suit and this is the result:

POST /JNAP/ HTTP/1.1
Host: XXX.30.192.189:10080
User-Agent: x
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://XXX.30.192.189:10080/ui/dynamic/guest-login.html?mac_addr=8c%3A70%3A5a%3Af4%3A0f%3A6c&url=http%3A%2F%2Fdetectportal.firefox.com%2Fsuccess.txt&ip_addr=XXX.30.192.144
Content-Type: application/json; charset=UTF-8
X-JNAP-Action: http://cisco.com/jnap/guestnetwork/Authenticate
Expires: Fri, 10 Oct 2013 14:19:41 GMT
Cache-Control: no-cache
X-Requested-With: XMLHttpRequest
Content-Length: 80
Connection: close

{"macAddress":"8c:70:5a:f4:0f:6c","ipAddress":"XXX.30.192.144","password":"lol"}

Wrong password this appears on the site: Invalid guest password. Please try again.

 

This is my command:

Quote

hydra XXX.30.192.189:10080 http-form-post "/ui/dynamic/guest-login.html?mac_addr=8c%3A70%3A5a%3Af4%3A0f%3A6c&url=http%3A%2F%2Fdetectportal.firefox.com%2Fsuccess.txt&ip_addr=XXX.30.192.144:guest-pass=^PASS^:F=Invalid guest password. Please try again.:" -l ''  -P toplel.txt

 

But the comment is not working correctly because I get the response all passwords are true. Is my command syntax wrong?

 

Link to post
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...