I want to check if my syntax for Hydra is correct for the Lernaen challenge.
It seems to be running ok, but hasn’t come up with anything so I just want to be sure it is actually working right!
hydra -l "" -P /usr/share/wordlists/rockyou.txt http-post://docker.hackthebox.eu:60686"/password=^PASS^:Invalid password!"
What output are you given?
@Skunkfoot said:
https://null-byte.wonderhowto.com/how-to/hack-like-pro-crack-online-web-form-passwords-with-thc-hydra-burp-suite-0160643/
This is a good source although it can be a bit jumbled. The main points to take away are:
@XXXXXian said:
@Skunkfoot said:
https://null-byte.wonderhowto.com/how-to/hack-like-pro-crack-online-web-form-passwords-with-thc-hydra-burp-suite-0160643/
- Hydra assumes default port, unless explicitly specified…
I think this might be where he’s running into issues. As far as I know, Hydra looks for 3 sets of information separated by colons: username/list, password/list, and failure message. Hydra might be confusing your port specification because you’re using a colon in the url. Try running hydra --help for proper syntax. Also, your specification for a POST form is off, check the link for an example.
Challenged solved. Cheers dudes
could someone help me with sorting out hydra? i can only get 1 try per task per minute. i tried medusa since my hydra seems to be bitchy but medusa craps out on me with a sigsegv on bigger wordlists, so that’s unacceptable. FYI my connection is good enough, never had any problems, it’s just hydra not working properly. help please!