Reputation: 105
I'm trying to test some basic brute-force strategy on a locally hosted website by using Hydra. The website has 2 login layers: the first one is an http-get Basic Auth, and after you log in with the Basic Authentication you land on the actual login page, which uses http-post-form. I already have the password for the Basic Auth layer, and I want to test a list of usernames and passwords on the actual login layer.
For the Basic Auth layer I can use
hydra -l username -p password -s 9000 -V 127.0.0.1 http-get "/index.php"
which of course is successful since I know the username and password. Now I want to execute another Hydra attack on the second login layer that comes after passing the HTTP Basic Auth.
I tried this command:
hydra -l username -p password -s 9000 -V 127.0.0.1 http-get "/index.php" ; hydra -L usernames.txt -P passwords.txt -s 9000 -V 127.0.0.1 http-post-form "/index.php:username=^USER^&password=^PASS^&Login=submit:Login failed - incorrect username or password"
This command doesn't work, since command 1 ; command 2 runs both scripts consecutively but doesn't remember the output of the first command.
Which command can I use to run both commands, so that command 2 only runs after the HTTP Basic Auth is bypassed with command 1?
Upvotes: 1
Views: 912