Hey, I managed to clear this section in “Attacking Common Applications” as showcased it the section, with joomla-bruteforce, but I couldn’t get it working with hydra, I tried looking at the logs (-d), but couldn’t understand what I was missing. I used the same wordlist that succeeded with joomla-brute force, but with no luck, any insights?
My commands looked like that, I also tried messages indicating failure, based on the login form hydra -P /usr/share/metasploit-framework/data/wordlists/http_default_pass.txt -l admin app.inlanefreight.local http-post-form '/administrator/index.php:username=^USER^&passwd=^PASS^&option=com_login&task=login&return=aW5kZXgucGhw=1:S=You have post-installation messages' -t 30