Forum Discussion
Dark_Knight666
Bronze III
21 days agoCredential Access: Using Hydra
Hi team, I was wondering whether anyone can please help me, as I'm stuck on Q10. So the part I'm stuck on is trying to figure out how to put a command together to use - unix_users.txt and rockyou.t...
LewisMutton
Bronze III
21 days agoHello,
So there are various different things that could be tripping you up here.
If you go to your target IP address and specify port 8000 you will be sent to a login page (in my case this was http://10.102.108.182:8000 as seen in the screenshot below)
You need to identify what the login button request is actually pushing as the request in order to replicate it in your hydra request.
- Make sure you are using the listing arguments for user list (-L) and password list (-P)
- Ensure you are setting the failuremessage on the end so hydra knows what the request is successful - You can find this by visiting the site in a web browser as above and attempting to login. ("Login failed!")
hydra -L /usr/share/wordlists/metasploit/unix_users.txt -P /usr/share/wordlists/rockyou.txt -s 8000 10.102.108.182 http-post-form "/login:username=^USER^&password=^PASS^:F=Login failed!"