After I completed the module with hydra in HackTheBox, I wanted to try a hydra dictionary attack for myself on an existing website. Therefore, I created a new account on a website, which seems not very complicated for carrying out a hydra brute force attack there. And please notice: I have no intention in doing any illegal activities. I am just trying to learn more about cyber security because I am very interested in it and for better job opportunities.
However, my code does not work, even though I made the same things as shown in the module. Unfortunately, hydra does not recognize the right password in the list but is showing false positives and I am not sure where I made the mistake. My closest guess would be, that I named the login forms wrong. Could that be?
Here some informations about the target:
IP-Address: 176.9.141.111
Username: jonas_koch2@web.de
Password: Freetown24!
My hydra code:
hydra -l jonas_koch2@web.de -P passlist.rtf -u -V -f 176.9.141.111 http-post-form “/#:login_email_username=^USER^&login_password=^PASS^:F=<form name=‘login_email_username’”
Thanks a lot in advance!