Help with THC Hydra

Off-topic
1

I’ve got a problem with THC Hydra. Whenever I put in the command for cracking a web form, being:

hydra -l -P BG_wordlist_and_digits_1-1_all_combinations.txt http-post-form “/user/login:xuser=^USER^&xpass=^PASS^&do.auth.x=Login:LOGIN FAILED!” -V

Instead of starting the command, Hydra just resets and I get the following text again:

"Hydra v9.1-dev (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (GitHub - vanhauser-thc/thc-hydra: hydra) starting at 2020-05-26 11:47:45
Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT] [-x MIN:MAX:CHARSET] [-c TIME] [-ISOuvVd46] [-m MODULE_OPT] [service://server[:PORT][/OPT]]

Options:
-l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE
-p PASS or -P FILE try password PASS, or load several passwords from FILE
-C FILE colon separated “login:pass” format, instead of -L/-P options
-M FILE list of servers to attack, one entry per line, ‘:’ to specify port
-t TASKS run TASKS number of connects in parallel per target (default: 16)
-U service module usage details
-m OPT options specific for a module, see -U output for information
-h more command line options (COMPLETE HELP)
server the target: DNS, IP or 192.168.0.0/24 (this OR the -M option)
service the service to crack (see below for supported protocols)
OPT some service modules support additional input (-U for module help)

Supported services: adam6500 asterisk cisco cisco-enable cvs ftp http-{head|get|post} http-{get|post}-form http-proxy http-proxy-urlenum icq imap irc ldap2 ldap3[-{cram|digest}md5] mssql mysql nntp oracle-listener oracle-sid pcanywhere pcnfs pop3 postgres radmin2 rdp redis rexec rlogin rpcap rsh rtsp s7-300 sip smb smtp smtp-enum snmp socks5 ssh sshkey teamspeak telnet vmauthd vnc xmpp

Hydra is a tool to guess/crack valid login/password pairs.
Licensed under AGPL v3.0. The newest version is always available at;

Please don’t use in military or secret service organizations, or for illegal
purposes. (This is a wish and non-binding - most such people do not care about
laws and ethics anyway - and tell themselves they are one of the good ones.)

Example: hydra -l user -P passlist.txt ftp://192.168.0.1"

How can I make Hydra execute the command?

2

hydra -l -P BG_wordlist_and_digits_1-1_all_combinations.txt is the problem. -l expects a username (or -L) for a wordlist

3

Typically when a tool spits its help menu back at you, it means there’s an issue with your syntax :slight_smile:

4

@clubby789 said:
hydra -l -P BG_wordlist_and_digits_1-1_all_combinations.txt is the problem. -l expects a username (or -L) for a wordlist

I’m sorry, turns out some parts in the command weren’t visible because of the code on this forum. The command was:

hydra -l [username] -P BG_wordlist_and_digits_1-1_all_combinations.txt [domain name] http-post-form “/user/login:xuser=^USER^&xpass=^PASS^&do.auth.x=Login:LOGIN FAILED!” -V

I can’t figure out what the issue in the syntax is.

5

bump

6

Nobody?

7

Its fairly difficult to help because hydra can be a bit picky on syntax.

The message you are getting implies something isn’t being accepted and normally this is down to incorrect switches or unbalanced quotes etc. The example you’ve given seems correct which makes it hard to understand the error.

The general syntax is: hydra -l <USER> -P <Password LIST> <IP Address> http-post-form "<Login Page>:<Request Body>:<Error Message>" which is what you have put as far as I can see.

Double check for typos in your command.

You can try hydra http-post-form -Uto get the module specific guidance which might help you troubleshoot it a bit more.

8

Thanks, when I try the command for the module specific guidance, I get the following:

Hydra v9.1-dev (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (GitHub - vanhauser-thc/thc-hydra: hydra) starting at 2020-06-11 09:22:27
[ERROR] Unknown service: -U

9

Ok, as far as I can see your syntax looks correct.

Double check that a typo hasn’t crept in at some point as that is the most likely reason to see it dump the help page.

Try hydra against some other targets to make sure it hasn’t broken.

Is this a box on HTB or a something else?

10

I tried, but it doesn’t work on other targets either. It’s something else.

11

Then you might have a broken install of hydra, but the error messages imply it is running.

12

How can I fix the install?

13

Uninstall, purge (remove all configs, etc.) and reinstall it :wink:

14

I did, but exactly the same still happens.

15

Its hard to help here because it genuinely looks like there is some other problem on your system.

Look at it this way:

If hydra doesn’t work on any target the problem is hydra, your system or your command line choices.

If you are confident your command line choices are correct, the problem is with hydra or your system.

If you are confident you have uninstalled and reinstalled hydra, the problem is on your system.

Now we go into a world of trouble shooting - for example checking you dont have a firewall on your OS which is blocking specific traffic, checking you dont have a firewall on your host OS if you are running a VM, checking AV isn’t blocking it, checking your router isn’t blocking it, checking your ISP isn’t blocking it - and so on. It is hard to impossible to do all this remotely so your choices are:

  1. find a methodological way to eliminate potential problems and work through it
  2. use a different tool
16

Option #3:
In case you use a VM, try installing a fresh VM and only install/use hydra inside that new VM, with the same parameters.

17

Excellent suggestion @HomeSen .