Problem with Bruteforce Using Hydra

Dec 26, 2016 07:58 PM
636183501388477868.jpg

Hi all,

I started to learn using hydra recently and tried to brute force some web base login form which i already have access to,but after running the required command of hydra which is as follows..

hydra -l User -p passlist.txt caesary.ar.r2games.com http-get-form "/index.php?action=login&mail=^USER^&pwd=^PASS^&type=0:INVALID Message"

  • Tried Several Times To Change The Invalid Password Message to : "???" , "???" , "????" But hydra is returning all passwords in the list as vaid passwords .
  • Tried Several Times To Change The Invalid Password Message to : "????" , "???????" But hydra is returning all passwords in the list as invalid passwords .
  • Tried To Change The http-get-form to http-post-form in the 2 upper case

NOTE : There Is No Variables Except : mail , pwd , type , Action

what is the wrong with the code ..? what are the modification should be made ..?

I Realized That the problem is Because the FAILURE LOGIN MESSAGE is made with Javascript and appears on MessageBox .. Is that right ? and What is the solution .. ?!

The Login Form :

636183501388477868.jpg

The INVALID PASSWORD MESSAGE :

636183501894415358.jpg

Waiting For Responses , Thanks All

Comments

No Comments Exist

Be the first, drop a comment!