Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- `hydra -l username -P passwordlist 127.0.0.1 https-post-form "/index.php:UserName=^USER^&Password=^PASS^&submit=logout:invalid" -vV -f`
- The option field (following the service field) takes three ":" separated
- values and an optional fourth value, the first is the page on the server
- to GET or POST to, the second is the POST/GET variables (taken from either
- the browser, or a proxy such as PAROS) with the varying usernames and passwords
- in the "^USER^" and "^PASS^" placeholders, the third is the string that it
- checks for an *invalid* or *valid* login - any exception to this is counted
- as a success.
- So please:
- * invalid condition login should be preceded by "F="
- * valid condition login should be preceded by "S=".
- By default, if no header is found the condition is assume to be a fail,
- so checking for *invalid* login.
Add Comment
Please, Sign In to add comment