Forum Discussion
Bronze IIICredential Access: Using Hydra
The lab has now been updated to provide a little more context. Hopefully it helps a bit.
Bronze IBriefing needs to be updated. I see why you got stuck here. The briefing says to use...
hydra -l admin -P /path/to/wordlist.txt http-post-form \
"http://example.com/login.php:username=^USER^&password=^PASS^&submit=Login:Invalid password"
when hydra won't accept this. The correct format is:
hydra -L /usr/share/wordlists/metasploit/unix_users.txt -P /usr/share/wordlists/rockyou.txt -s 8000 10.102.108.182 http-post-form "/login:username=^USER^&password=^PASS^:F=Login failed!"
Wasted too much time troubleshooting the query when the briefing was wrong! Thanks LewisMutton Dark_Knight666 KingMashaba for the write up here! Hope it helps others that are stuck on this question.
- SamDickison
Community Manager
Hmm, I'll bring this up with support to see if they can do something about it. Sorry it wasted your time.
- KingMashaba
Bronze II
Please do check this, the briefing notes need to be updated. Even the section on Credentials - ntds, which is in the same lab as this one. you cannot run secrectsdump.dy as stated in the notes, needs to be run as impacket-secrectsdump.
- SamDickison
Hey ChaosDuck26 and KingMashaba, I've caught up with the Cyber Team and they said that the briefing is supposed to be an example of a command, and that the idea is for the user to craft their own from the example. It sounds like you worked it out.
