vanhauser-thc / thc-hydra

hydra
GNU Affero General Public License v3.0

Add an argument in Hydra to filter or acknowledge HTTP error code in http post form mode #913

Closed MinhPham123456789 closed 6 months ago

MinhPham123456789 commented 6 months ago

When running Hydra in http-post-form mode targeting a POST login form, the host returns a 401 HTTP code as an expected sign showing that the username or password is not correct, but Hydra continuously displays an ERROR message stating that the user should switch to HTTP get mode, which is not correct.

The error message: [ERROR] the target is using HTTP auth, not a web form, received HTTP error code 401. Use module "http-get" instead.

Is there a way to suppress the ERROR message, or to guide Hydra to stop printing it and acknowledge the 401 HTTP code in the process?

vanhauser-thc commented 6 months ago

There is a hidden option parameter called "1" ...

/foo.php:user=^USER^&pass=^PASS^:1=:F=incorrect

I will document it for visibility.

MinhPham123456789 commented 6 months ago

Hi @vanhauser-thc ,

Thank you very much for your response. Can you share the doc link to the parameter you mentioned? Or at least can you give a direct example of how to use it to avoid the 401 http-post-form error?

bazzawill commented 3 months ago

Hey, I am here after discovering this in a CTF; this error message caused me to abandon this technique. I only discovered it was valid after reading the writeup and reattempting knowing the password. Also, it appears 1= does not work.