I keep having issues with hydra while I try it. The two major ones are: hydra says it's tunning ~0 tries per task, and the output comes up with 39-40 "valid" credentials (none of which work). All the passwords that are in the output begin with xx. I tried looking the problem up, but I only found people having issues with DVWA. I couldn't find a PHPSESSID for the challenge so I am lost and don't know what to do. If you could help me further understand what I did wrong, I would greatly appreciate it.
P.S. this is my input and what the console gives me in return:
hydra pentesteracademylab.appspot.com http-form-get "/lab/webapp/1:email=^USER^&password=^PASS^&Login=Login:Failed" -L user.txt -P pass.txt -t 20 -o results.txt
[DATA] max 20 tasks per 1 server; overall 64 tasks, 486 login tries (1:2/p:243), ~0 tries per task
[DATA] attacking service http-get-form on port 80
... Random "valid" login credentials (all beginning with xx and none beginning in y or z) ...
1 of 1 target successfully completed, 39 valid passwords found
P.P.S. Thank you for your help in advance
I figured it out thank you anyway! I checked back to look at issues and I added a parameter thinking it would solve my original problem and it didn't. Another thing that helped was to not save the output. Hopefully this helps anyone who has an issue with this.
P.S. my new input:
hydra pentesteracademylab.appspot.com http-form-get "/lab/webapp/1:email=^USER^&password=^PASS^:Failed" -L user.txt -P pass.txt -t 20