Using THC Hydra

Among the many protocols that Hydra supports are http-get-form, http-post-form, https-get-form, and https-post-form, which handle HTTP and HTTPS login forms submitted with the GET and POST methods, respectively. Using the same information from the previous exercise, you can run a dictionary attack with Hydra using the following command:

hydra 10.7.7.5 http-form-post "/owaspbricks/login-3/index.php:username=^USER^&passwd=^PASS^&submit=Submit:Wrong user name or password." -L users.txt -P passwords.txt  

You may notice that the syntax in this case is slightly different from your previous use of Hydra. Let's check it out together:

  1. First, you have the hydra command and the target host (hydra 10.7.7.5).
  2. Then the protocol or service that you want to test (http-form-post).
  3. Next come the protocol-specific parameters, in quotes ("") and separated by colons:
    1. URL (/owaspbricks/login-3/index.php)
    2. The body of the request, in which ^USER^ marks where Hydra should put the usernames and ^PASS^ marks where the passwords should go
    3. The failed login message (Wrong user name or password.)
  4. Last come the username and password lists, indicated by -L and -P
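
To make the colon-separated parameter string concrete, the following added example (not code from the book or from Hydra) parses it offline and shows how the three fields are used; no request is sent. The function names are hypothetical, the response bodies are constructed, and the "\:" escape and the F=/S= prefixes follow Hydra's module help (hydra -U http-post-form).

```python
import re
from urllib.parse import quote_plus

# The option string from the command above.
PAGE_OPTION = ("/owaspbricks/login-3/index.php:"
               "username=^USER^&passwd=^PASS^&submit=Submit:"
               "Wrong user name or password.")

def parse_form_option(option):
    """Split url:body:condition on unescaped colons; "\\:" is a literal colon."""
    parts = [p.replace("\\:", ":") for p in re.split(r"(?<!\\):", option)]
    if len(parts) < 3 or not all(parts[:3]):
        raise ValueError("expected url:body:condition")
    url, body, cond = parts[:3]
    # The condition is a failure marker unless it is prefixed with S=.
    kind = "success" if cond.startswith("S=") else "failure"
    marker = cond[2:] if cond[:2] in ("S=", "F=") else cond
    return {"url": url, "body": body, "kind": kind, "marker": marker,
            "extra": parts[3:]}  # optional fields, left uninterpreted here

def render_body(form, user, password):
    """Fill the placeholders for one pair (URL-encoding is this example's choice)."""
    return (form["body"].replace("^USER^", quote_plus(user))
                        .replace("^PASS^", quote_plus(password)))

def login_accepted(form, response_text):
    """Apply the condition: failure marker absent, or success marker present."""
    found = form["marker"] in response_text
    return found if form["kind"] == "success" else not found

if __name__ == "__main__":
    form = parse_form_option(PAGE_OPTION)
    print(form)
    print(render_body(form, "admin", "p&ss word"))
    # Constructed response bodies, not captured from the target application.
    for page in ("<p>Wrong user name or password.</p>",
                 "<p>Welcome, admin</p>",
                 "<p>Wrong username or password.</p>"):  # wording differs
        print(login_accepted(form, page), page)
```

The third constructed response shows why the failed login message must be copied exactly from the application: when the marker never appears in the response, every attempt is classified as a valid login.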