Collaborate Disseminate
I am setting up a brute-force with hydra, and receiving valid responses for almost all requests from passwords list. But on the web form I am still getting an error that credentials are wrong. What am I missing in the script?
System set up… Continue reading Hydra returning all credentials as valid [duplicate]
I am doing portswigger labs with hydra https-post-form. I try to look for packets that don’t have status code 200 OK, because when checked in burp my failed login with bad password and good username had status code 200 OK.
└─$ hydra -l act… Continue reading Help with hydra https-post-form
I’m trying to solve a brute force login exercise on PortSwigger academy (https://portswigger.net/web-security/authentication/password-based/lab-username-enumeration-via-different-responses) using hydra and I do not know what I’m doing wron… Continue reading Hydra https form post doesn’t work [closed]
Test site: http://testfire.net/login.jsp
Error when login failed: Login Failed: We’re sorry, but this username or password was not found in our system. Please try again.
Web Form
<form action=”doLogin” method=”post” name=”login” id=”… Continue reading wfuzz show –hs responses when it should hide it
My professor made this site for us and gave us a project to find the password if we have the email. Is it possible?
Not sure if this is relevant, but the site isn’t HTTPS also
I forgot my pgp private key passphrase and wanna brute force either my private key or the message is encrypted with my public key.
Is there any way to brute force it?
Do you think JohnTheRipper would work?
Continue reading How to brute force pgp private key or pgp message?
Im doing a lab running a php webserver.
Theres an admin page that POSTs “username=foo&password=bar&login-1558201477=”
The “login-(epoch) ” is converted from the http response timestamp as a hidden field.
I’ve tri… Continue reading Brute forcing login page with epoch time as anti-csrf token [on hold]
How can I make this type of payload or HTTP request? I used them to have internet without isp limitations. Connected by means of an ssh account.
Where can I find information about this type of HTTP request? I put some exampl… Continue reading How can I create an http request like this manually or with a tool? [on hold]
I have an nginx server running an instance of and express/nodejs server.
I was going through the logs to see what was being requested, and I noticed a few normal attempts for common flaws in things like word press, but what… Continue reading Suspiscious HTTP request to nginx server in server log, what is it?
I am using Hydra to brute force a login http form (Method: post), but I’m getting false positives (passwords that aren’t valid)
I believe I know the reason, I just don’t know how to handle it:
The failure of the request prod… Continue reading Hydra: Brute force an http form, all arguments are supplied but the login error has other string formats and is too big