-
Notifications
You must be signed in to change notification settings - Fork 1.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
https-form-post stops after first found #8
Comments
Hi! well, you are trying to do achieve something that is not what it was planned for :-) |
That would certainly work, but I wanted to leave as small a footprint on the machine as possible, so I was using the password generation capabilities for the IDs. If this isn't a bug (since -f is supposed to make it stop at the first confirmed login, and without it, it shouldn't stop), then it might be good to state that somewhere in the hydra -U https-form-post. |
the -f option results that ALL attempts on ANY account are terminated once one password is found for ANY account. so the -f option will make what you want unfeasible :-) |
Ah, gotcha. Thats good to know. And yes, I am a security consultant doing a few pentests. This was the first time I had to do user id enumeration like this, and I couldn't figure out why hydra wasn't playing well. Thanks for the clarification |
https-form-post stops after the first password is found. When running:
hydra https-form-post ":username=^PASS^&password=&login-form-type=pwd&returnLocation=index.html:Not found" -x 5:7:1 -l none -v -o userIDs.txt -t 50
50 threads are spawned (as per the -t argument), but once one thread finds a solution, it stops all the other threads. I can verify this by doing:
hydra https-form-post ":username=^PASS^&password=&login-form-type=pwd&returnLocation=index.html:Not found" -x 5:7:1 -l none -v -o userIDs.txt -t 5
^ Returns 5 valid solutions, which is correct since once one thread gets an answer, the user ids are sequential so the next 5 threads return. Then it stops.
hydra https-form-post ":username=^PASS^&password=&login-form-type=pwd&returnLocation=index.html:Not found" -x 5:7:1 -l none -v -o userIDs.txt -t 10
^ Now it returns 10 valid solutions because all 10 threads had valid user IDs. But then it stops.
It should ONLY stop on the first found item if "-f" is sent. If I do send "-f":
hydra https-form-post ":username=^PASS^&password=&login-form-type=pwd&returnLocation=index.html:Not found" -x 5:7:1 -l none -v -o userIDs.txt -t 10 -f
^ Now returns only 1, even though all the other threads stopped.
As you can see, I am trying to do username enumeration with hydra instead of actual password cracking.
The text was updated successfully, but these errors were encountered: