Forum Discussion
Dark_Knight666 Bronze III
2 months ago
Credential Access: Using Hydra
Hi team, I was wondering whether anyone can please help me, as I'm stuck on Q10. So the part I'm stuck on is trying to figure out how to put a command together to use - unix_users.txt and rockyou.t...
- 26 days ago: The lab has now been updated to provide a little more context. Hopefully it helps a bit.
LewisMutton Bronze III
2 months ago
Hello,
So there are various different things that could be tripping you up here.
If you go to your target IP address and specify port 8000 you will be sent to a login page (in my case this was http://10.102.108.182:8000 as seen in the screenshot below)
You need to identify what the login button request is actually pushing as the request in order to replicate it in your hydra request.
- Make sure you are using the listing arguments for user list (-L) and password list (-P).
- Ensure you are setting the failure message on the end so hydra knows when the request is successful - You can find this by visiting the site in a web browser as above and attempting to log in. ("Login failed!")
hydra -L /usr/share/wordlists/metasploit/unix_users.txt -P /usr/share/wordlists/rockyou.txt -s 8000 10.102.108.182 http-post-form "/login:username=^USER^&password=^PASS^:F=Login failed!"
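
The server-side view of a run like the one above, as an added example that is not part of the original posts: a sliding-window counter over web access logs that flags a client sending a burst of POSTs to the login path. It assumes Common Log Format logs and that the form answers failed logins with a 200 page carrying the failure text, so status codes alone would not show the failures; the threshold, window, function names and log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format prefix: client, timestamp, method, path, status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def find_login_bursts(lines, path="/login", threshold=20,
                      window=timedelta(seconds=10)):
    """Return {client_ip: peak POST count to `path` inside one window}.

    Status codes are ignored on purpose: a form that reports failure in
    the page body can answer every attempt with 200.
    """
    recent = defaultdict(deque)   # per-client timestamps still in window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, method, url, _status = m.groups()
        if method != "POST" or url.split("?", 1)[0] != path:
            continue
        t = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(t)
        while t - q[0] > window:  # drop attempts older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged

def sample_lines():
    """Constructed log lines (documentation-range IPs), not lab output."""
    base = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    def line(ip, offset, request):
        ts = (base + timedelta(seconds=offset)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{ts}] "{request} HTTP/1.1" 200 512'
    # One client: 40 login POSTs in 8 seconds, every response a 200.
    lines = [line("192.0.2.10", i // 5, "POST /login") for i in range(40)]
    # Another client: loads the form, mistypes once, retries 30 s later.
    lines += [line("192.0.2.20", 0, "GET /login"),
              line("192.0.2.20", 3, "POST /login"),
              line("192.0.2.20", 33, "POST /login")]
    return lines

if __name__ == "__main__":
    for ip, peak in find_login_bursts(sample_lines()).items():
        print(f"{ip}: {peak} POSTs to /login within 10 s")
```

Because every response in the sample is a 200, a rule keyed on 401 or 403 counts would stay silent here, while the per-client request rate to the login path still stands out.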