Looks like this module got updated so I don’t see any posts about the changed skills assessment and I am stuck on the first question:
“What is the password for the basic auth login?”
They give two wordlists for usernames and passwords. When using either hydra or medusa for brute forcing http basic auth the estimated time to completion is far longer than the life of my pwnbox. When running hydra with the two word lists provided and 64 threads it’s still an estimated 10+ hours to complete.
The only thing I can think of is that I need to shorten the word lists by removing any less than 6 characters, any without numbers, etc. however, I don’t know of any password policies associated with http basic auth by default and couldn’t find anything through google.
please push me in the right direction, thanks.
Are you using ‘wget [link]’ to download the username and password files? If so, keep in mind that these links point to the GitHub repository page rather than the raw content of the file itself. Make sure you are using the ‘raw’ link instead 
4 Likes
Thank you very much. I was using wget without realizing this was a link to a github.
This fixed it for me to. Thanks! Will keep an eye out for this in the future too.
Dude same… thank you so much, I didn’t realize I was using the page source for bruteforcing ■■■
Hey guys im having a similar problem i used
hydra -l top-usernames-shortlist.txt -P 2023-200_most_used_passwords.txt 83.136.254.75 http-get / -s 41237
and it doesn’t find any match i check the raw link and its correct Idk what happens.
Could you help me please?
1 Like
Check your Syntax, -l is telling Hydra to use “top-usernames-shortlist.txt” as the username rather than using the usernames in the file.
Thanks it solved my problem as well
thanks my friend. @SharpSword
1 Like