I'm trying to crack my web page to see if it is possible or not. When you try to login on loginpage.php, form is posted to checklogin.php. checklogin.php checks form data and sets Session if login is right and redirects you (usind header(location:url) to index.php and does not send back any response. If login is wrong, then it redirects you to loginpage.php?fail=1 again using header(location:url).
Can this be attacked by Hydra?
I tried:
hydra -t 10 -l admin -V -P common.txt IpAdressOfMyServer http-form-post "/checklogin.php:username=^USER^&password=^PASS^&url=index.php:fail"
and also:
hydra -t 10 -l admin -V -P common.txt IpAdressOfMyServer http-form-post "/checklogin.php:username=^USER^&password=^PASS^&url=index.php:loginpage.php?fail=1"
But neither works. Can you help me and correct my script?
Aucun commentaire:
Enregistrer un commentaire