nigco Posted December 13, 2017 Share Posted December 13, 2017 I’m trying to get THC-Hydra working on a website form which doesn’t require a username just the password. It is a local site of my router If I load IP then this site is comming up: http://IP:PORT/ui/dynamic/guest-login.html?mac_addr=8c%3A70%3A5a%3Af4%3A0f%3A6c&url=http%3A%2F%2Fdetectportal.firefox.com%2Fsuccess.txt&ip_addr=172.30.192.144 I loadet the site via Bump suit and this is the result: POST /JNAP/ HTTP/1.1 Host: XXX.30.192.189:10080 User-Agent: x Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://XXX.30.192.189:10080/ui/dynamic/guest-login.html?mac_addr=8c%3A70%3A5a%3Af4%3A0f%3A6c&url=http%3A%2F%2Fdetectportal.firefox.com%2Fsuccess.txt&ip_addr=XXX.30.192.144 Content-Type: application/json; charset=UTF-8 X-JNAP-Action: http://cisco.com/jnap/guestnetwork/Authenticate Expires: Fri, 10 Oct 2013 14:19:41 GMT Cache-Control: no-cache X-Requested-With: XMLHttpRequest Content-Length: 80 Connection: close {"macAddress":"8c:70:5a:f4:0f:6c","ipAddress":"XXX.30.192.144","password":"lol"} Wrong password this appears on the site: Invalid guest password. Please try again. This is my command: Quote hydra XXX.30.192.189:10080 http-form-post "/ui/dynamic/guest-login.html?mac_addr=8c%3A70%3A5a%3Af4%3A0f%3A6c&url=http%3A%2F%2Fdetectportal.firefox.com%2Fsuccess.txt&ip_addr=XXX.30.192.144:guest-pass=^PASS^:F=Invalid guest password. Please try again.:" -l '' -P toplel.txt But the comment is not working correctly because I get the response all passwords are true. Is my command syntax wrong? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.