I'm having trouble getting valid results from a hydra scan on a html login form.
Here is what the form looks like (minus all the formatting junk)
From looking at a few examples (because I can't find any docs) I figured this is how I'd run my attack.
<form name="form1" id="form1" action="login.cgi" method="post">
<input name="login_name" type="text" id="login_name" value="">
<input type="password" name="login_pass" id="login_pass" value="">
<input type="submit" name="login" value="Log ln">
Buuut that doesn't seem to work. I know the right password is being tested, but all I get is
hydra -l user -P list.txt -e ns 192.168.0.1 http-post-form "/login.cgi:login_name=^USER^&login_pass=^PASS^&login=Log+In"
Am I doing something wrong? And can someone point me to some sort of document for hydra that gives some usefull info?
Hydra (htp://ww.thc.org) starting at 2007-08-12 05:02:59
[DATA] 3 tasks, 1 servers, 3 login tries (l:1/p:3), ~1 tries per task
[DATA] attacking service http-post-form on port 80
[STATUS] attack finished for 192.168.0.1 (waiting for childs to finish)
Hydra (htp://ww.thc.org) finished at 2007-08-12 05:02:59