So when I do hydra -l Admin -P "rockyou.txt" -s 80 192.168.13.1 http-get / it doesn't work for me. It says all 16 passwords are valid, but none of them works. Can anyone help me with this? I tried googling and found others having this issue, but none of them were descriptive enough for me to resolve this. I'm using a D-Link DIR 655 router, and that's what I want to try to bruteforce, but all the passwords it tries are valid (16 for that matter).
Asked
Active
Viewed 3,912 times
0
Anders
- 64,406
- 24
- 178
- 215
Yannic Schwarz
- 1
- 1
- 1
-
If you are using the same "rockyou.txt" that I do, it contains over 14 million passwords, if you are only seeing 16 results then something is wrong. – Red_Shadow Aug 13 '14 at 18:46
-
Well its like so cause i saw someone saying that THC Hydra didnt find the Login and Password field where to try the brute force on, therefor it didnt get a fail response and said all passwords are correct, any idea? – Yannic Schwarz Aug 14 '14 at 20:18
1 Answers
2
I tried Hydra on an HTTP-POST web form and I kept getting false positives. After a lot of research and googling tutorials it turns out I did not identify the "failure response". When the login fails, the server replies with a failure response maybe a redirection or a string of text. I hope this points you in the right direction.
chubby_monky
- 358
- 2
- 8
-
The failure condition is the one thing most people forget to do for Hydra. – schroeder Sep 16 '14 at 18:29