Results 1 to 3 of 3

Thread: Hydra (THC) issue

Hybrid View

  1. #1
    Just burned his ISO
    Join Date
    Dec 2011
    Posts
    3

    Default Hydra (THC) issue

    Hi all!

    I hope this is in the right section now.

    I've been trying to crack my email account with hydra and I failed.
    The server I've been trying to attack provides ssl, so maybe that's why I failed when I was trying to use pop3 protocol, so then
    I checked links from this site: http://www.thc.org/thc-hydra/ and still nothing.

    I had many errors from hydra, but when I used with syntax"


    Code:
    hydra -l myemail@myemail.com -P /root/Desktop/testdic.txt -v <serverIP>  https-form-post "/index.cgi:login&name=^USER^&password=^PASS^&login=Login:Not allowed" &
    (I also tried to modify the syntax after hhtps-form-post, but I failed or did something wrong.)
    it returned: "1 of 1 target successfully completed, 4 valid passwords found"...

    I loged in to my account and checked, that the server IP and 443 port are correctly used by me in hydra.

    The path to the dictionary above, is a text file I created, containing like three bad passwords and one legit one.

    I've been using Backtrack for some time now, but I'd rather consider myself as noobie.

    What am I doing wrong?

    I'm using backtrack 5 installed on usb.

    regards
    Alex

  2. #2
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default Re: Hydra (THC) issue

    Without access or information about your email interface and access method we can't help you.

    Note I'm not asking for real creds or anything here, but your post basically boils down to. I'm trying to do something like this and it doesn't work, how do I fix it. Based on that level of detail all we can possibly say is "do it properly"......

    0) What are the actual errors hydra is giving you.
    1) Can you actually access your email account via HTTP?
    2) Is index.cgi the actual login page? Are the POST parameters you outlined above actually correct? Did you view the source of the page and do you understand it?
    3) Have you tried to manually build the request with known creds and submit it? (use curl, or burp, or something like that)
    etc.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  3. #3
    Just burned his ISO
    Join Date
    Dec 2011
    Posts
    3

    Default Re: Hydra (THC) issue

    Hi! Thank you for your reply.

    First - you are absolutely right about how my post looks like. It's because I was so frustrated that nothing had worked. Sorry for that.
    Second - I knew I was missing something obvious I just didn't know what (mysterious way my brain works...)

    Here's what I did, inspired by your tips:
    I used netcat to login to my account through pop3 just to see if everything works and it did.
    Then I used hydra with pop3 option and it worked! Finally.

    But I don't want to stop there. I spent hours today trying to answer you and myself if I understand the source page view. The answer is no, unfortunately.
    You were right, there's no index.cgi in my case. I behaved like a total noob and just paste it from the tutorial.

    Because I'm eager to learn, I'd appreciate if you gave me some tips, what should I look for in a source of the page.
    I found something like this:
    Code:
    ApplicationFacade.INIT_LOGIN_FORM, {"id":"loginForm","validateLoginFunc":"validateEmail","validateLoginErrorText1"
    (it's a part of it), but I'm not sure if it's relevant?

    What kind of information would you need about my email interface?

Similar Threads

  1. Replies: 2
    Last Post: 12-25-2011, 09:56 PM
  2. Airodump-ng Issue + Aireplay-ng Issue
    By whiteice in forum OLD Newbie Area
    Replies: 1
    Last Post: 11-05-2008, 05:47 AM
  3. Hydra & SMB password list issue
    By imported_LinuxNoob in forum OLD BT3beta General
    Replies: 2
    Last Post: 03-19-2008, 08:01 PM
  4. Hydra 5.4 issue
    By KMDave in forum OLD BT3beta Software related issues
    Replies: 16
    Last Post: 01-08-2008, 05:39 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •