Highest Voted 'hydra' Questions - IT Security Stack Exchange

12

votes

1 answer

Hydra bruteforce and JSON

I am having problems with Hydra and a JSON payload. The login request (intercepted with Fiddler), is the following: POST http://architectureservice.test.com/api/v1/login HTTP/1.1 Host: architectureservice.test.com User-Agent: Mozilla/5.0 (Windows…

passwords brute-force hydra

asked May 13 '14 at 09:12

Michael

5,393
2
32
57

11

votes

1 answer

Hydra http-post brute force for success

I'm having an issue with my syntax to brute force my own account on a server for testing and reporting purposes to protect the rest of the community at hand. hydra -l username -P /root/Desktop/Test.txt url.zz.za http-post-form…

hydra

asked Aug 21 '15 at 07:49

Soprono

321
1
2
9

10

votes

1 answer

Hydra says it found a password, but doesn't show it

I'm running Hydra against a vulnerable VM running on my own server. I'm trying to find the password for the "admin" username. This is the command I ran: hydra -vV -l admin -P /root/Documents/000webhost.txt 10.0.2.10 http-post-form…

hydra

asked Dec 28 '17 at 00:41

MyName

271
1
2
10

9

votes

1 answer

How to get and use constantly changing cookie JSESSIONID values in Hydra?

Related: how to get cookies from aspx site to use it with hydra My problem is similar to the above case, I get "20 valid passwords found" but the server I'm trying to brute force sends the header set-cookie: JSESSINOID=XXXXXXXXXX in every single…

passwords penetration-test brute-force kali-linux hydra

asked Apr 26 '17 at 11:25

Yash Kumar

91
5

8

votes

1 answer

Hydra when redirects

I'm using Hydra and I have trouble with this command: hydra 123.123.123.123 http-form-post \ "/se/login:j_username^USER^&j_password=^PASS^&submit=Log+in:/se/invalidLogin" \ -L /root/Desktop/users -P /root/Desktop/list` There are three…

brute-force hydra

asked Mar 11 '16 at 16:09

k1308517

1,272
14
27

4

votes

1 answer

Hydra - Possible to follow redirects

I'm trying to use Hydra on an ASP web application. Their login page uses the following method: site/Login: username/password If successful, I am redirect back to site/Login but with a newly set cookie, then redirected to site/Home If authentication…

asp.net hydra

asked Jul 14 '15 at 10:00

Rick

39
4

4

votes

1 answer

Analyzing log files for forensics homework?

Suppose two users have done a murder at 6pm at Dunkin Donuts, I have got the hard disks on site, disk1 and disk2. How do I identify the time and order of each user's activities on the hard disks? The Gmail communications are easy to pick on, but I…

ssh brute-force forensics logging hydra

asked May 12 '15 at 12:02

user2977715

63
3

4

votes

0 answers

Why does Hydra not stop when it finds a password?

Why does Hydra 8.1 not stop when it finds a password? I am using the -P option with a file that has over 5 Million passwords in it and the correct SSH password is located at approx. line 2100, but Hydra v 8.1 goes past that password and keeps going,…

brute-force password-cracking hydra

asked Apr 11 '15 at 17:45

Joe Roberts

41
1
2

4

votes

1 answer

Hydra gives wrong answers

Problem: Hydra keeps giving me incorrect passwords every time. I'm using brute-force via Hydra to guess the correct password on a certain website. First of all I used BurpSuite to intercept the page request: POST /abcdefg/ HTTP/1.1 Host:…

web-application penetration-test brute-force hydra

asked Nov 25 '13 at 11:52

Salcybercat

43
1
3

4

votes

1 answer

Hydra - Attacking when login page encodes the username and password

I needed to test how Hydra works, so I tried to attack my own wifi router. I set the user name as "user" and created a txt file containing 100 passwords including the "real" password. I am unable to read the log in of the http request that contains…

encoding hydra

asked Jun 03 '18 at 05:01

Tharindu Sathischandra

93
9

4

votes

0 answers

Hydra - all passwords work

I want to test some mechanisms of my website when the password of a single user is entered a lot of times in a short time incorrectly in the login form. Therefore I got Hydra (for windows) on GitHub. I have the following information: Host:…

penetration-test brute-force hydra

asked Apr 24 '18 at 13:46

mosquito87

141
2

4

votes

1 answer

Wireshark HTTP continuations (Hydra HTTP version)

I am trying to use Hydra to brute force a HTTP POST form page, however the page is returning a HTTP Continuation I'm not sure what that is. This is being caused by the HTTP/1.0 at the top of the request. I'm not sure how to change it to HTTP/1.1…

passwords brute-force wireshark hydra http-brute

asked Jan 09 '18 at 02:02

sunny-lan

251
1
6

4

votes

2 answers

Password Cracking Twitter With THC Hydra

I am looking to password crack my twitter account using THC Hydra but am running into some sort of syntax error. Here is what I have: hydra -l email@domain.com -P passphrase.txt -s 80 -f https://twitter.com https-post-form…

penetration-test password-cracking kali-linux hydra

asked Sep 01 '16 at 20:28

Travis Patron

103
2
5

4

votes

1 answer

How to run Hydra with json response?

I've been doing some bug bounty hunting and have been having problems with hydra. So there is a https login form, request is : https://bbsite/crp/login?password=pass&username=admin Problem is that response is in json. So for bad login it…

hydra

asked Mar 22 '16 at 16:01

Daniel Max

161
1
1
7

3

votes

1 answer

Legal website to practice using hydra

I am trying to learn how to use hydra to crack login passwords. Does anybody know a legal website I can crack and if so the information needed or the code needed to enter the form into hydra?

hydra

asked Apr 14 '15 at 02:14

user3517501

133
3

Questions tagged [hydra]