
Hydra Overview

Understanding Hydra Help

Viewing Hydra Modules

Print the hydra help output:

hydra -h

Notice the Supported services section. These are the modules that the hydra binary installed on your system can use.

Supported services: adam6500 asterisk cisco cisco-enable cobaltstrike cvs firebird ftp[s] http[s]-{head|get|post} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] memcached mongodb mssql mysql nntp oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres radmin2 rdp redis rexec rlogin rpcap rsh rtsp s7-300 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak telnet[s] vmauthd vnc xmpp

Querying Module Usage

hydra -U module_name_here

For example, to query the module usage documentation for http-post-form:

hydra -U http-post-form
Hydra v9.5 (c) 2023 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2023-12-14 17:56:12

Help for module http-post-form:
============================================================================
Module http-post-form requires the page and the parameters for the web form.

By default this module is configured to follow a maximum of 5 redirections in
a row. It always gathers a new cookie from the same URL without variables
The parameters requires at a minimum three ":" separated values,
plus optional values.
(Note: if you need a colon in the option string as value, escape it with "\:", but do not escape a "\" with "\\".)

Syntax: <url>:<form parameters>[:<optional>[:<optional>]:<condition string>

First is the page on the server to GET or POST to (URL), e.g. "/login".
Second is the POST/GET variables (taken from either the browser, proxy, etc.)
 without the initial '?' character and the usernames and passwords being
 replaced with "^USER^" ("^USER64^" for base64 encodings) and "^PASS^"
 ("^PASS64^" for base64 encodings).
Third are optional parameters (see below)
Last is the string that it checks for an *invalid* login (by default).
 Invalid condition login check can be preceded by "F=", successful condition
 login check must be preceded by "S=".
 This is where most people get it wrong! You have to check the webapp what a
 failed string looks like and put it in this parameter! Add the -d switch to see
 the sent/received data!
 Note that using invalid login condition checks can result in false positives!

The following parameters are optional and are put between the form parameters
  and the condition string; seperate them too with colons:
 2=                  302 page forward return codes identify a successful attempt
 (c|C)=/page/uri     to define a different page to gather initial cookies from
 (g|G)=              skip pre-requests - only use this when no pre-cookies are required
 (h|H)=My-Hdr\: foo   to send a user defined HTTP header with each request
                 ^USER[64]^ and ^PASS[64]^ can also be put into these headers!
                 Note: 'h' will add the user-defined header at the end
                 regardless it's already being sent by Hydra or not.
                 'H' will replace the value of that header if it exists, by the
                 one supplied by the user, or add the header at the end

Note that if you are going to put colons (:) in your headers you should escape
them with a backslash (\). All colons that are not option separators should be
escaped (see the examples above and below).
You can specify a header without escaping the colons, but that way you will not
be able to put colons in the header value itself, as they will be interpreted by
hydra as option separators.

Examples:
 "/login.php:user=^USER^&pass=^PASS^:incorrect"
 "/login.php:user=^USER64^&pass=^PASS64^&colon=colon\:escape:S=result=success"
 "/login.php:user=^USER^&pass=^PASS^&mid=123:authlog=.*failed"
 "/:user=^USER&pass=^PASS^:H=Authorization\: Basic dT1w:H=Cookie\: sessid=aaaa:h=X-User\: ^USER^:H=User-Agent\: wget"
 "/exchweb/bin/auth/:F=failedowaauth.dll:destination=http%3A%2F%2F<target>%2Fexchange&flags=0&username=<domain>%5C^USER^&password=^PASS^&SubmitCreds=x&trusted=0:C=/exchweb":reason=

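The option-string rules from the help text above, as an added example that is not part of the original page or of Hydra itself: a small Python checker that splits on unescaped colons as the Syntax line describes and flags missing placeholders and unknown optional parameters. The function names and warning wording are assumptions of this example, and it follows the help text rather than Hydra's own parser.

```python
import re

# Optional-parameter prefixes listed in the module help above.
OPTIONAL_PREFIXES = ("2=", "c=", "C=", "g=", "G=", "h=", "H=")

def split_unescaped(option_string):
    """Split on ':' unless it is written as '\\:', then drop the escape."""
    fields = re.split(r"(?<!\\):", option_string)
    return [f.replace("\\:", ":") for f in fields]

def parse_form_options(option_string):
    """Return the parsed fields plus warnings for common mistakes."""
    fields = split_unescaped(option_string)
    if len(fields) < 3:
        raise ValueError("need <url>:<form parameters>:<condition string>")
    url, form, *optional, condition = fields

    # "F=" marks a failed-login string, "S=" a successful one; bare text is
    # treated as a failed-login string, which is the documented default.
    if condition.startswith("S="):
        kind, text, explicit = "success", condition[2:], True
    elif condition.startswith("F="):
        kind, text, explicit = "failure", condition[2:], True
    else:
        kind, text, explicit = "failure", condition, False

    warnings = []
    searchable = "\n".join([form, *optional])
    for name in ("USER", "PASS"):
        if not re.search(r"\^%s(64)?\^" % name, searchable):
            warnings.append("no ^%s^ or ^%s64^ placeholder" % (name, name))
    for opt in optional:
        if not opt.startswith(OPTIONAL_PREFIXES):
            warnings.append("unknown optional parameter: " + opt)
    if not text:
        warnings.append("empty condition string")
    return {"url": url, "form": form, "optional": optional,
            "condition": {"kind": kind, "text": text, "explicit": explicit},
            "warnings": warnings}

if __name__ == "__main__":
    # Two examples from the help text, then a constructed one whose header
    # colon is left unescaped and is therefore read as a separator.
    for s in (r"/login.php:user=^USER^&pass=^PASS^:incorrect",
              r"/login.php:user=^USER64^&pass=^PASS64^&colon=colon\:escape:S=result=success",
              r"/login.php:user=^USER^&pass=^PASS^:H=Cookie: sessid=aaaa:F=incorrect"):
        print(parse_form_options(s))
```

The third sample shows the failure mode the help text warns about: the unescaped colon in the Cookie header splits it into two fields, and the second one is reported as an unknown optional parameter.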
 

Common Hydra Options

-I                                           Do not read the hydra.restore file
-f                                           Stop brute force attack when valid credentials found
-l username_here                             Use a single username
-L /path/to/usernames.txt                    Use a list of usernames from a file
-p password_here                             Use a single password
-P /path/to/passwords.txt                    Use a list of passwords from a file
-C /path/to/usernames_and_passwords.txt      Use a list of username:password combinations in a file
-u                                           For every password, loop over usernames instead
-s port_number_here                          Use an alternate port to connect to the target service
-t number_of_threads                         Number of parallel tasks (connections) per target, good for throttling
-v                                           Slightly verbose output
-V                                           Verbose output of each login attempt
-d                                           Debug output including protocol data

 

 

Example Command

# Single username with a password list, 4 parallel tasks, stop at the first valid login
username='root'
password_list='/usr/share/seclists/Passwords/Default-Credentials/default-passwords.txt'
hydra -IVf -t 4 -l "$username" -P "$password_list" ssh://10.10.0.6