Use THC hydra to make dictionary attack on localhost

Question

I have programmed a log in in my webpage and now I want to test it against a dictionary attack. I am using Apache and my website is not online so to access it I connect to localhost/website In hydra I am using the command

hydra -l username -P passList.txt localhost/website http-post-form "/logIn.php:user=^USER^&pass=^PASS:forgot"

But it terminates with error

[DATA] attacking service http-post-form on port 80 [ERROR] could not resolve address: localhost/website 0 of 1 target completed, 0 valid passwords found [ERROR] 1 target did not resolve or could not be connected What is the problem?

score 2 · Answer 1 · answered Sep 14 '16 at 08:24

2

use the ip address somewhere localhost for example :

hydra -l username -P passList.txt 127.0.0.1/website http-post-form "/logIn.php:user=^USER^&pass=^PASS:forgot"

answered Sep 14 '16 at 08:24

zrp

31
5

score 0 · Answer 2 · edited Jan 25 '15 at 01:49

0

Try this:

hydra -l username -P passList.txt localhost http-post-form \
    "/website/logIn.php:user=^USER^&pass=^PASS:forgot"

edited Jan 25 '15 at 01:49

SamB

9,039
5
49
56

answered Jan 25 '15 at 00:46

InvidecDave

1

Use THC hydra to make dictionary attack on localhost

2 Answers2