Forum Thread: How Do I Use THC-Hydra with Password-Only Form Field

Hello,

I'm trying to get THC-Hydra working on a website form which doesn't require a username but hydra wants me to specify it with either –l or –L.

The form field in question needs the following parameters, as far as I've found out using Burp Suite Free Edition: password=test&do_login=yes&Submit=Log+in

I'm also not sure what service to use and what success or failure message the server sends, currently I've tried http-form-post with the following parameters hydra –t 5 –L users.txt –f –x 2:6:a www.<url>.com http-form-post "/protected:password=^PASS^:S=success"

(Note that I've specified, with –L users.txt, a username file but this is not required by the website's form field.

The website's form can be found under www.<url>.com/protected, how do I tell hydra to target the /protected page, and not only the www.<url>.com part?

I'm running hydra out of VM Kali

Thank you

Be the First to Respond

Share Your Thoughts

  • Hot
  • Active