Hi all,
I started to learn using hydra recently and tried to brute force some web base login form which i already have access to,but after running the required command of hydra which is as follows..
hydra -l User -p passlist.txt caesary.ar.r2games.com http-get-form "/index.php?action=login&mail=^USER^&pwd=^PASS^&type=0:INVALID Message"
- Tried Several Times To Change The Invalid Password Message to : "???" , "???" , "????" But hydra is returning all passwords in the list as vaid passwords .
- Tried Several Times To Change The Invalid Password Message to : "????" , "???????" But hydra is returning all passwords in the list as invalid passwords .
- Tried To Change The http-get-form to http-post-form in the 2 upper case
NOTE : There Is No Variables Except : mail , pwd , type , Action
what is the wrong with the code ..? what are the modification should be made ..?
I Realized That the problem is Because the FAILURE LOGIN MESSAGE is made with Javascript and appears on MessageBox .. Is that right ? and What is the solution .. ?!
The Login Form :
The INVALID PASSWORD MESSAGE :
Waiting For Responses , Thanks All
Be the First to Respond
Share Your Thoughts