Hydra THC web form dictionary attack

[nikosdano 1]

Hello,

Here is a tutorial for how to dictionary attack at web forms (You can also find it in my blog Here).

THC hydra is a powerful program that you can find it at Backtack OS.With Hydra you can perform a dictionary attack against http form,smb,routers and more.

#Step 1) So to start the attack you have to find a good wordlist.Wordlist is a txt/lst file with many complex word inside.(A good wordlist contains numbers,characters,letters).You can download a wordlist from the web or you can make your own wordlist.(Recommended).So download crunch(Wordlist creator from here install it go to the installation folder (crunch-3.3)and run the following command

hydra www.site.com  http-form-post  "/directory:user=^USER^&pass=^PASS^:ERROR MESSAGE" -L  /root/Desktop/wordlist.txt -P /root/Desktop/wordlist.txt -t 10 -w 30 -o  /root/Desktop/attack.txt

and then run:

hydra www.site.com  http-form-post  "/directory:user=^USER^&pass=^PASS^:ERROR MESSAGE" -L  /root/Desktop/wordlist.txt -P /root/Desktop/wordlist.txt -t 10 -w 30 -o  /root/Desktop/attack.txt

Your screen should look like this now

#Step 2)So once the wordlist is ready you have to run hydra thc and execute the attack.

Open hydra (Backtrack > Privilege Escelation > Password Attack > Online Attacks > hydra )

#Step 3)Now go to the login page of the target/site > right click > View page source , to view the source code of the forms.

You will see something like this(but of course different and not exactly like the following):

<form name="input" action="kwd.php" method="post">

Username:

<input type="text" name="user">

Password:

<input type="password" name="pass">

Just write the action page,the method,the username name and the password name in to a txt file to remember them.

Now before we finish we have to make a try with random password and username to take an error.(Dont forget to write the error message in te txt file)Like this:

In this case the error message/Wrong login is ACCESS DENIED

Now it's time to perform the attack.Once we now the Username name the paswword name thes action page and the method we are ready!

Now go to the hydra window (have a look at step 2 again) and type the following command

hydra www.site.com  http-form-post  "/directory:user=^USER^&pass=^PASS^:ERROR MESSAGE" -L  /root/Desktop/wordlist.txt -P /root/Desktop/wordlist.txt -t 10 -w 30 -o  /root/Desktop/attack.txt

You have to change the "www.site.com" with the target's site, the /directory

with the login page directory e.g index/Login.php the user with the username name of the site(Step 3) ,the pass with the password name of the site(Step 3) and the ERROR MESSAGE with the error message that the target gives you.In this case "ACCESS DENIED" e.g "Wrong username or Password" .

Thank you!

Nikos Danopoulos

[Patrick 6]

Thanks for this tut, always handy. BUT may i ask how big your dictionairy is because i am not used to see Hydra need as much as 560 hours to process?!