In Network Security Analysis Using Wireshark, Snort, and SO course, in Lab 3 part 2, Jesse enters the following into kali’s terminal:![Screenshot from 2021-01-03 16-50-32|690x49]
How should I adjust this input to run this brute force attack, if my burp suite did not give me the same output? In fact, 2 things happen in my case that are not the same in the video:
- the POST request doesn’t come back with 200 status, but gives me 401 response.
- HTML code of my version of squert page does not have “The user name or password is incorrect” text anywhere (If I try to enter the incorrect password on squert page, nothing happens, no alert/message appears), so I guess I can’t add this text to the hydra command. If I live that text out, I get the error: :Hydra … Wrong syntax, requires three arguments separated by a colon which may not be null …".
If I add any text from that responseHTML, like “Security Onion” header, then hydra just hangs in there, never stops, even though the password is simply 1234 and it should spit out the answer almost instantly.
- (errors continue until ^C)
Screenshots from my Burp Suite are posted in the reply to the question.
Please help me to make this work! Thank you.