I have problems getting results from hydra when testing an OWA-only enabled mail server:
hydra -l leo -p 123 mail.company.com https-post-form "/exchweb/bin/auth/owaauth.dll:destination=https%3A%2F%2Fmail.company.com%2Fexchange%2F&flags=0&username=Domain%5C^USER^&password=^PASS^&I1.x=0&I1.y=0:You could not be logged"
Then I get a bunch of errors "BAD Request" and false positives.
I got the POST data from running OWASP ZAP as proxy.
Here's what happens:
#1- [REQUEST] POST https://mail.company.com/exchweb/bin/auth/owaauth.dll <-- along with the POST data
#1- [RESPONSE] HTTP/1.1 302 Moved Temporarily -- Location: https://mail.company.com/exchange/ <-- with a couple of set-cookie's
#2- [REQUEST] GET https://mail.company.com/exchange/
#2- [RESPONSE] HTTP/1.1 302 Moved Temporarily -- Location: https://mail../../owalogon.asp?url=h...ange/&reason=2
#3- I "GET" the same login page with "&reason=2" that will display the error message "You could not be logged..."
The problem is that hydra expects to see the text "You could not be logged" in the body of the response at "#1" to determine whether the password is correct or not, and since the response is a 302 without a body, it just assumes that the password has been found and does not follow the 302 redirects until it gets an actual body in a reply.
Any ideas? I tried owabf.py, it just didn't work for me, all false positives.
Thanks in advance.
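Seen from the server side, the flow described above means the POST to owaauth.dll answers 302 with no body, so its status code says nothing about the outcome; the failed logon only shows up as the later GET of owalogon.asp with reason=2. The following is an added example, not part of the original post: a Python sketch that counts those requests per client IP in an IIS W3C log. The log lines, IP addresses, threshold and the `/PLACEHOLDER/` directory (the post elides the real path) are constructed assumptions.

```python
from collections import Counter
from urllib.parse import parse_qs

# Constructed sample: one failed logon = the three requests listed in the post.
# "/PLACEHOLDER/" stands in for the owalogon.asp directory, which the post elides.
_FAIL = ("{t} {ip} POST /exchweb/bin/auth/owaauth.dll - 302\n"
         "{t} {ip} GET /exchange/ - 302\n"
         "{t} {ip} GET /PLACEHOLDER/owalogon.asp "
         "url=https://mail.company.com/exchange/&reason=2 200\n")
SAMPLE_LOG = (
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status\n"
    + "".join(_FAIL.format(t=f"2024-01-01 10:00:0{i}", ip="203.0.113.5")
              for i in range(5))
    + _FAIL.format(t="2024-01-01 10:05:00", ip="198.51.100.7"))

def parse_w3c(text):
    """Yield one dict per log record, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):  # skip truncated records
                yield dict(zip(fields, parts))

def failed_logons(text):
    """Return (logon POSTs per IP, reason=2 logon-page hits per IP)."""
    posts, failures = Counter(), Counter()
    for rec in parse_w3c(text):
        stem = rec["cs-uri-stem"].lower()
        if rec["cs-method"] == "POST" and stem.endswith("/owaauth.dll"):
            posts[rec["c-ip"]] += 1
        elif (stem.endswith("/owalogon.asp")
              and parse_qs(rec["cs-uri-query"]).get("reason") == ["2"]):
            failures[rec["c-ip"]] += 1
    return posts, failures

def suspects(text, threshold=5):
    """Client IPs with at least `threshold` failed logons (threshold is assumed)."""
    _, failures = failed_logons(text)
    return sorted(ip for ip, n in failures.items() if n >= threshold)

if __name__ == "__main__":
    print(suspects(SAMPLE_LOG))
```

A client that sends the POSTs without following the redirects never requests owalogon.asp, so the per-IP POST count from `failed_logons` is worth alerting on as well.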