How to use http-get-form in THC-Hydra?

  • I've been messing with Hydra (Brute Force) to solve the "Damn Vulnerable Web App" brute force section but the problem is when I use http-get-form it said:

    Warning: child 1 seems to have died, restarting (this only happens if a module is bad)
    

    And the brute force command is:

    hydra 192.168.100.15 http-get-form \
          "/dvwa/vulnerabilities/brute/#:username=^USER^&password=^PASS^&Login=Login:Username and/or password incorrect" \
          -l admin -P /root/Desktop/wordlists/test.txt -w 30
    

    I can't find out why the module is bad.

    Have you tried dropping the "#" from your URL? DVWA doesn't need it.

    Yes, I did, and I replaced it with "index.php", but it's still the same issue.

  • hydra -l admin -P /root/Desktop/wordlists/test.txt dvwa http-get-form "/dvwa/vulnerabilities/brute/index.php:username=^USER^&password=^PASS^&Login=Login:Username and/or password incorrect."
    

    That targets a different page on the DVWA site.

    Yes, I did and it's working fine, but I want to know how you can run this command against a subdirectory such as: /dvwa/vulnerabilities/brute

    @AmA I have edited my answer, have you tried it?
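
From the defender's side, the requests in this thread carry username and password in the GET query string, so every guess is written to the web server's access log. The following is an added example, not part of the thread: it counts distinct passwords tried per client and username on the form path above. The log lines, the Apache combined log format, and the threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined log format (not taken from the page).
SAMPLE_LOG = """\
192.168.100.20 - - [24/Jul/2021:11:40:01 +0000] "GET /dvwa/vulnerabilities/brute/index.php?username=admin&password=123456&Login=Login HTTP/1.1" 200 4521 "-" "-"
192.168.100.20 - - [24/Jul/2021:11:40:01 +0000] "GET /dvwa/vulnerabilities/brute/index.php?username=admin&password=letmein&Login=Login HTTP/1.1" 200 4521 "-" "-"
192.168.100.20 - - [24/Jul/2021:11:40:02 +0000] "GET /dvwa/vulnerabilities/brute/?username=admin&password=qwerty&Login=Login HTTP/1.1" 200 4521 "-" "-"
192.168.100.20 - - [24/Jul/2021:11:40:02 +0000] "GET /dvwa/vulnerabilities/brute/index.php?username=admin&password=dragon&Login=Login HTTP/1.1" 200 4521 "-" "-"
192.168.100.31 - - [24/Jul/2021:11:41:10 +0000] "GET /dvwa/vulnerabilities/brute/index.php?username=alice&password=typo1&Login=Login HTTP/1.1" 200 4521 "-" "-"
192.168.100.31 - - [24/Jul/2021:11:41:25 +0000] "GET /dvwa/vulnerabilities/brute/index.php?username=alice&password=typo2&Login=Login HTTP/1.1" 200 4490 "-" "-"
192.168.100.31 - - [24/Jul/2021:11:42:00 +0000] "GET /dvwa/index.php HTTP/1.1" 200 6120 "-" "-"
not a log line
"""

REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "GET (\S+) HTTP/[\d.]+" \d{3} ')
LOGIN_DIR = "/dvwa/vulnerabilities/brute/"   # form path from the thread
THRESHOLD = 3                                # assumed tuning value


def guessing_sources(log_text, threshold=THRESHOLD):
    """Return {client_ip: {username: distinct_password_count}} for clients that
    tried more than `threshold` distinct passwords against one username."""
    tried = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue                          # skip malformed or non-GET lines
        ip, target = m.groups()
        url = urlsplit(target)
        if url.path not in (LOGIN_DIR, LOGIN_DIR + "index.php"):
            continue
        q = parse_qs(url.query, keep_blank_values=True)
        if "username" not in q or "password" not in q:
            continue
        # Passwords are kept only to count distinct values; the result holds counts.
        tried[ip][q["username"][0]].add(q["password"][0])
    return {
        ip: {u: len(p) for u, p in users.items() if len(p) > threshold}
        for ip, users in tried.items()
        if any(len(p) > threshold for p in users.values())
    }


if __name__ == "__main__":
    print(guessing_sources(SAMPLE_LOG))
```

Because a GET login form writes credentials into access logs, those logs need the same access restrictions as any other store of secrets.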

Licensed under CC-BY-SA with attribution


Content dated before 7/24/2021 11:53 AM