I've had similar problems with those tools. I'd recommend trying bruter. It will fill in the fields automatically.
I know there is much discussion on which is better. I have no take.
I want to learn one of them, whichever is better. I have heard medusa is faster but I don't know.
I am having issues with the syntax of both programs for webforms (http-post)
I really would rather learn, so please walk my newb brain through the steps.
I want to try SABnzbdplus and phpmyadmin. Once I am successful with SAB, I'll move on to phpmyadmin.
Using the source of SABnzbdplus, I see that ma_username and ma_password are the fields I'm looking for.
Unfortunately I am missing something.Code:<form action="/sabnzbd/" method="POST"> Username: <input type="text" name="ma_username" /><br /> Password: <input type="password" name="ma_password" /><br /> <input value="Login" type="submit" />
Code:hydra -l Test -P ~/Desktop/n_names.txt -f -s 8080 -t 2 -V 220.127.116.11 http-post-form "sabnzbd/:ma_username=^USER^&ma_password=^PASS^"
The correct syntax for hydra is
<url>:<form parameters>:<failure string>
something like this
Here is a comparison of the features although a bit old now
I get the url and the form parameters, at least I think i do, but where can i find the failure string?
I don't know either products but a failer string is simple plain text only shown on the page when it fails. For example if you fill out the form and it always says "password failed" you could use that (DON'T use text that's shown on the page when the password works).
I have a basic form testing script that uses cURL to submit then checks the response HTML. If the response HTML haves the string it tries the next user/pass or exits and echos the user/pass. I assume its the same logic.