Hydra identifies failed logins by analyzing the response from the server after each login attempt. Here's how it works:
- Response Parsing: After sending a login request with a specific username and password, Hydra receives a response from the server and examines its content.
- Error Message Matching: In the command, you specify an expected error message that indicates a failed login. For example, in the command:

  `http-post-form "/:username=^USER^&password=^PASS^:Invalid username or password"`

  the part `:Invalid username or password` is the expected error message. Hydra looks for this specific text in the server's response.
- Success vs. Failure:
- If the response contains the specified error message, Hydra concludes that the login attempt was unsuccessful.
- If the response does not contain the error message (or contains a different message indicating success), Hydra considers the login attempt successful.
- Logging Results: Hydra logs the result of each attempt, noting which username and password combinations succeeded or failed based on the presence or absence of the expected error message.
By using this method, Hydra can efficiently determine the validity of login credentials during a brute-force attack.
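The defender's counterpart to the behaviour described above is spotting the burst of login POSTs that such a tool produces. The following is an added example, not part of the original text or of Hydra: it parses constructed combined-format access log lines (the IPs, timestamps and `/login` path are assumed sample values) and flags any source that sends more than a threshold of POSTs to the login path within a sliding time window.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in Apache/nginx combined-log style (not real traffic).
# One source hammers /login with several attempts per second; the other is a
# normal user who loads the form and submits it once.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Oct/2023:13:55:01 +0000] "POST /login HTTP/1.1" 200 512
203.0.113.10 - - [10/Oct/2023:13:55:01 +0000] "POST /login HTTP/1.1" 200 512
203.0.113.10 - - [10/Oct/2023:13:55:02 +0000] "POST /login HTTP/1.1" 200 512
203.0.113.10 - - [10/Oct/2023:13:55:02 +0000] "POST /login HTTP/1.1" 200 512
203.0.113.10 - - [10/Oct/2023:13:55:03 +0000] "POST /login HTTP/1.1" 200 512
203.0.113.10 - - [10/Oct/2023:13:55:03 +0000] "POST /login HTTP/1.1" 302 0
198.51.100.7 - - [10/Oct/2023:13:55:04 +0000] "GET /login HTTP/1.1" 200 1024
198.51.100.7 - - [10/Oct/2023:13:56:10 +0000] "POST /login HTTP/1.1" 302 0
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"ip": m["ip"], "ts": datetime.strptime(m["ts"], TS_FMT),
            "method": m["method"], "path": m["path"], "status": int(m["status"])}

def detect_login_bursts(log_text, login_path="/login", window_s=10, threshold=5):
    """Return {ip: peak_attempts} for every source that sends at least `threshold`
    POSTs to `login_path` inside any sliding window of `window_s` seconds."""
    recent = defaultdict(deque)   # ip -> timestamps of POSTs still inside the window
    flagged = {}
    for line in log_text.splitlines():
        ev = parse_line(line)
        if not ev or ev["method"] != "POST" or ev["path"] != login_path:
            continue
        q = recent[ev["ip"]]
        q.append(ev["ts"])
        # Drop timestamps older than the window; the newest entry always stays.
        while (ev["ts"] - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) >= threshold:
            flagged[ev["ip"]] = max(flagged.get(ev["ip"], 0), len(q))
    return flagged

if __name__ == "__main__":
    print(detect_login_bursts(SAMPLE_LOG))   # {'203.0.113.10': 6}
```

Tune `window_s` and `threshold` to the site's normal login rate; a single user retrying a forgotten password should stay well below the flagged count.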
