Well, technically this story happened on Stack Exchange, but I really don’t see any difference between these two platforms; they are both toxic. If you have asked questions on Stack Overflow, you would know that this is not a place that welcomes new users asking questions. People will tell you straightforwardly how stupid you are to ask such a question, and then they’ll downvote you. Especially those who own many coins; they are just privileged to do that.
I was afraid of being flamed on Stack Overflow, so I did some research on where to put my question so that it would look appropriate. After some effort, I found that Stack Exchange is a place where you can post network-related topics. Great, because I was bugged by Hydra (https://www.kali.org/tools/hydra/), a brute-force penetration testing tool.
The real problem I was facing was that Hydra was unstable for some brute-force tasks. I was using it to brute force a simple admin credential on a Jenkins server (an open source automation server, https://www.jenkins.io/). To be clear, I was doing that in a vulnerable lab; many platforms (HTB, TryHackMe, PG Play) offer simple admin credentials for you to practice brute forcing. But I found that Hydra acts weirdly on servers that redirect themselves. Sometimes the hydra command you use on a vulnerable box on HTB will work, but it will not work on the vuln box on PG Play. Some may ask, did you change the target IP address? Well, I am gonna ignore such comments.
Anyway, I was confused. I am the kind of person who will keep struggling with a very trivial behavior difference for a very long time. Either I figure it out or I exhaust myself and call it not worth another minute of my life. So in order to figure it out, I spent the whole day, but still no luck. What do I do? I was so desperate that I started to ask questions on Stack Exchange. Believe me, alright, every person asking questions on Stack Exchange is desperate.
I tried my best to include as much information as I could, like commands and server responses in screenshots. I waited a few days, got a response, and was excited to view it. It turned out to be a privileged user with many coins accusing me of trying to hack something; they don’t tolerate that here. I tried to reason with him that I am an ethical hacker who’s learning about hacking. He said that by saying that I was just trying to fool him. The conversation ended there, as I didn’t feel like this dude deserved me typing an extra alphabet character.
I mean, that dude has that many coins, so obviously he has tried to help a lot of people who were bugged by questions that they couldn’t handle by themselves. Obviously he knows a lot about computer science, so I am amazed to see him being so ignorant. Well, as for Hydra’s behavior disorder problem, there was no response from other users, except that dude’s comedic words, several months after posting it. I eventually let it go and deleted the post.
In summary, I know that Hydra as an open source tool is very limited; it does not work well against servers with very mild brute-force protection. But I still appreciate the efforts of Hydra’s authors, who shared this wonderful pentesting tool! If you ask me what other tool is capable of such a task, I would say Burp Suite Pro, assuming you are rich enough to pay $449 per year.