[WEB] Lernaean

So I hope this is the right place. As far as I can tell, I’m on the right track. My problem lies in the tools I am using to solve the problem. BurpSuite freezes when loading a large .txt file as a payload, and hydra seems to be the best, but I’m having some issues with the command line since it’s password only. Here’s what I am using; is this correct? I did the -l because that’s the only way it won’t complain about not having something, even though I already put the “Password Only” option. Help!

hydra -l '' -V -s [PORT] [URL] -P [PATH_TO_PW_LIST] http-form-post "/:password=^PASS^:do_login=yes:F=Invalid"

EDIT: I do have BurpSuite working now, but with the free edition it’s a bit on the slow side (only one thread). I’d still love it if someone could correct my Hydra example.

You can leave the username portion in Hydra as blank (and just keep the tag for it in place) and that seems to make it work. I haven’t tried it in this challenge yet but I have done that before.

I have already done that in the example above with -l ''. However, with this option it still hangs after 16 tries.

Update: I applied for the BurpSuite Free Trial. However, if anyone can get a working Hydra command going for this instance, I’ll PayPal $5 :)

Solved. BurpSuite PRO is the ■■■■ :)

You can set -l '' in hydra and leave the username tag out altogether. It works, and leveraging the most commonly used wordlist should do it in under 30 seconds.

I’ll try that. I have to admit I do love BurpSuite Pro now. So many tools in one.

Thank you!

I figured out the issue with the hydra syntax - it has too many variables in it.

Since the challenge is out, here’s my write-up: “HTB — Lernaean Web Challenge Write-up” by Pedro Henrique Cardoso (BugDecoder, Medium).