Assistance with Hydra, N00b Hacker

Hey all, I just started hacking this week and pwned my first box the other day. Working on another box but having issues with hydra returning false positives. Here is my command for trying to brute force a Joomla website (v4.2.6)

hydra -l admin -P /usr/share/wordlists/rockyou.txt example.htb http-post-form "/administrator:username=admin&passwd=^PASS^&option=com_login&task=login&return=aW5kZXgucGhw&25635e86f755ae5e1f2edaf51dee5cfc=1:F=<form id='form-login'" 

It just keeps returning “1 of 1 target successfully completed, 16 valid passwords found” when none of them are correct.

Any suggestions on what’s wrong with my script? Thanks in advance!!

hydra -l admin -P /usr/share/wordlists/rockyou.txt machine.htb http-get

It works for Joomla.

How does that work? The form is a POST request not GET…