To find out how to use the http-post-form module, we can use the "-U" flag to list the parameters it requires and examples of usage:
hydra http-post-form -U
<...SNIP...>
Syntax: <url>:<form parameters>:<condition string>[:<optional>[:<optional>]
First is the page on the server to GET or POST to (URL).
Second is the POST/GET variables ...SNIP... usernames and passwords being replaced in the
"^USER^" and "^PASS^" placeholders
The third is the string that it checks for an *invalid* login (by default)
Invalid condition login check can be preceded by "F=", successful condition
login check must be preceded by "S=".
<...SNIP...>
Examples:
"/login.php:user=^USER^&pass=^PASS^:incorrect"
Custom Wordlist with hydra
Please refer to Hashcat section for creating wordlists
sed-ri'/^.{,7}$/d'william.txt# remove shorter than 8sed-ri'/[!-/:-@\[-`\{-~]+/!d'william.txt# remove no special charssed-ri'/[0-9]+/!d'william.txt# remove no numbers