Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- -l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE
- -p PASS or -P FILE try password PASS, or load several passwords from FILE
- -e nsr try "n" null password, "s" login as pass and/or "r" reversed login
- -u loop around users, not passwords (effective! implied with -x)
- -f / -F exit when a login/pass pair is found (-M: -f per host, -F global)
- -t TASKS run TASKS number of connects in parallel (per host, default: 16)
- -w / -W TIME waittime for responses (32s) / between connects per thread
- -v / -V / -d verbose mode / show login+pass for each attempt / debug mode
- -q do not print messages about connection errors
- -U service module usage details
- server the target: DNS, IP or 192.168.0.0/24 (this OR the -M option)
- service the service to crack (see below for supported protocols)
- OPT some service modules support additional input (-U for module help)
- HYDRA_PROXY_HTTP or HYDRA_PROXY - and if needed HYDRA_PROXY_AUTH - environment for a proxy setup.
- E.g.: % export HYDRA_PROXY=socks5://127.0.0.1:9150 (or socks4:// or connect://)
- % export HYDRA_PROXY_HTTP=http://proxy:8080
- ...SNIP...
- Syntax: <url>:<form parameters>:<condition string>[:<optional>[:<optional>]
- ...SNIP...
- Third is the string that it checks for an *invalid* login (by default)
- Invalid condition login check can be preceded by "F=", successful condition
- login check must be preceded by "S=".
- This is where most people get it wrong. You have to check the webapp what a
- failed string looks like and put it in this parameter!
- "/login.php:user=^USER^&pass=^PASS^:incorrect"
- ...SNIP...
- Note that if you are going to put colons (:) in your headers you should escape them with a backslash (\).
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement