Hello, I feel like I am banging my head against a wall when I want to get hydra to do what I want.
I am trying a HTB room and want to perform a brute force attempt. I simply want to include a PHPSESSID header value along the HTTP requests but everytime I try, I get the same error: [ERROR] no valid optional parameter type given: F
This is what I try:
hydra -L /usr/share/seclists/Usernames/top-usernames-shortlist.txt \
-P /usr/share/seclists/Passwords/Common-Credentials/10k-most-common.txt \
10.129.172.189 http-post-form \
"/:username=^USER^&password=^PASS^:F=Wrong Credentials:H=Cookie\: PHPSESSID=r412tpqqhl49qjhk4r8dl47n2q"
Or more simply
hydra -L /usr/share/seclists/Usernames/top-usernames-shortlist.txt \
-P /usr/share/seclists/Passwords/Common-Credentials/10k-most-common.txt \
10.129.172.189 http-post-form \
"/:username=^USER^&password=^PASS^:F=Wrong Credentials:C=/"
Please tell me what I am doing wrong.
[link] [comments]
from hacking: security in practice https://ift.tt/BtWvzlQ
Comments
Post a Comment