Forum Discussion
Credential Access: Using Hydra
- 26 days agoThe lab has now been updated to provide a little more context. Hopefully it helps a bit. 
Briefing needs to be updated. I see why you got stuck here. The briefing says to use...
hydra -l admin -P /path/to/wordlist.txt http-post-form \
"http://example.com/login.php:username=^USER^&password=^PASS^&submit=Login:Invalid password"
when hydra won't accept this. The correct format is:
hydra -L /usr/share/wordlists/metasploit/unix_users.txt -P /usr/share/wordlists/rockyou.txt -s 8000 10.102.108.182 http-post-form "/login:username=^USER^&password=^PASS^:F=Login failed!"
Wasted too much time troubleshooting the query when the briefing was wrong! Thanks LewisMutton Dark_Knight666 KingMashaba for the write up here! Hope it helps others that are stuck on this question.
Hmm, I'll bring this up with support to see if they can do something about it. Sorry it wasted your time.
- KingMashaba30 days agoBronze II Please do check this, the briefing notes need to be updated. Even the section on Credentials - ntds, which is in the same lab as this one. you cannot run secrectsdump.dy as stated in the notes, needs to be run as impacket-secrectsdump. - SamDickison30 days agoCommunity Manager Hey ChaosDuck26 and KingMashaba, I've caught up with the Cyber Team and they said that the briefing is supposed to be an example of a command, and that the idea is for the user to craft their own from the example. It sounds like you worked it out. - ChaosDuck2626 days agoBronze I Thanks SamDickison This conflicts with other Briefings and speaks to the inconsistency from Immersive. The expectation is the commands in the command prompt section of the Briefings should be the correct format at a minimum. Telling me this is just, and example is fine, but make it a valid example in the Briefing!