Home 0P3N Blog Bruteforce Login-page Using Hydra and Python Script (DVWA)
Ready to Start Your Career?
Create Free Account
an0th3rhuman s profile image
By: an0th3rhuman
April 28, 2017

Bruteforce Login-page Using Hydra and Python Script (DVWA)

By: an0th3rhuman
April 28, 2017
an0th3rhuman s profile image
By: an0th3rhuman
April 28, 2017
bruteforce-loginWhat is DVWA?Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.You can download DVWA here.and install it on your lamp serverWhat is bruteforce?In a simple way, Bruteforce is a technique which applies all possible value of usernames and passwords, or any required field, to satisfy our problem needs.You can learn more about bruteforce here.How to bruteforce low and medium security using Hydra?Hydra is a very fast tool used to perform rapid dictionary attacks. Here we are going to use Hydra and perform bruteforce attack based on HTTP-form-get.The syntax is:
hydra <target-site> -l admin -l  -P <path to your password list> http-form-get <path to directory to make login attempt including error message and cookie details>
This will only work on the site which uses HTTP-form-get method.The hydra command which I used to break DVWA bruteforce low and medium security is:
hydra 127.0.0.1 http-form-get -l admin -P rockyout.txt 'DVWA-master/vulnerabilities/brute/index.php:username=^USER^&password=^PASS^&Login=Login:Username and/or password incorrect. :H=cookie: security=low; PHPSESSID=l6au67gu3uclemji3f95vndr65'
How to bruteforce high security using python script?In high security, they used a hidden field to check a CSRF token along with our username and password. This CSRF token changes its value on each request. So our normal hydra won't work here. We need to get our own tool. I used python script which gets the CSRF token by scrapping it. I bruteforced the username and password along with the CSRF token which is unique for each request.You can find my script, which I used to bruteforce high-level security, here: https://github.com/mafiakid/DVWA-solutions/blob/master/bruteforce/brute.py
Schedule Demo

Build your Cybersecurity or IT Career

Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry