I am trying to brute force a Login.aspx page. It has two text fields - txt_Username and txt_Password The form submit however looks like this:
On wrong login, there is a popup which shows the message Wrong User Name or Password. I have a correct username and password for testing. I put that, along with few wrong passwords in mostcommon.txt file. I ran the below command:
.\hydra -V -l 10026 -P mostcommon.txt -o
found.txt xxx.yyy http-post-form “/Login.aspx:txt_Username=^USER^&txt_Password=^PASS^:Wrong"
However, I get all 5 passwords as valid. What am I doing wrong? Any help would be much appreciated.
If you want to use Hydra I would just recommend getting an iso of Kali linux just go to Kali.org and download the iso file and burn it i'm pretty sure people are gonna get mad at this comment this is just a suggestion.
I notice that some people on this comment page are just asking to access an email account or a game account. keep in mind that THC Hydra brute forces using a dictionary attack, meaning that a file with a bank of common passphrases is run through by the program, to crack an authentication service. You can't just expect it to plug into an auth. service and instantly crack the password, unless you give it limitations (I'm assuming, because I use aircrack-ng with crunch), so it knows where to look. I recommend that you read the README file included. If you don't understand what it says, then... I don't know, man.
I have been using this for my internal ethical hacking tasks to brute force telnet access to Cisco network devices (routers, switches etc) with great success. It is very fast and stable tool. Have been using it on Kali Linux lately.
I have a problem, I was instaling hydra using a guide from google, i did everything but when i enter the place in cmd where I puted hydra files it says it cant finde path but i did everything.... my mail is email@example.com if anyone can help me install hydra, to explain me from skratch how to do it
I'm amazed of the many protocols supported, and its fast! a windows gui would be great though
Along with your rating, you can use the comment form to post a review,
tutorial, tips and tricks, or anything else others will find useful.
If you develop this software (or work for the company), please don't rate it. You may leave a clarifying comment as long as you state your affiliation and don't specify a star rating (just leave it as “No rating”).