Hydra is a tool for brute-forcing web-page logins, but you probably already knew that, arriving at this post.<\/p>\n\n\n\n
I was trying to find the login for a URL that had \/index.php?page=sign_in.php at the end. Burp\/PHP code revealed is passed “username” and “login”, fairly standard. But the triple, colon-separated string you can optionally give Hydra as a last parameter, is not very well documented.<\/p>\n\n\n\n
In the end, this turned out to work:<\/p>\n\n\n\n
# hydra -I -L usernames.txt -P rockyou.txt -S -e nsr bb699ce28112f9a55a0c4fbcc6b2ed8e.ctf.hacker101.com https-post-form \"\/index.php?page=sign_in.php:username=^USER^&password=^PASS^:wrong\"<\/code><\/pre>\n\n\n\n“wrong” being a return text we were looking for to identify a failed login.<\/p>\n\n\n\n
So, \/index.php?page=sign_in.php as the first string, and the second string is not prefixced &, that is only used to separate the following parameters.<\/p>\n","protected":false},"excerpt":{"rendered":"
Hydra is a tool for brute-forcing web-page logins, but you probably already knew that, arriving at this post. I was trying to find the login for a URL that had \/index.php?page=sign_in.php at the end. Burp\/PHP code revealed is passed “username” … Continue reading