hydra http-post-form -U
<...SNIP...>
Syntax: <url>:<form parameters>:<condition string>[:<optional>[:<optional>]
First is the page on the server to GET or POST to (URL).
Second is the POST/GET variables ...SNIP... usernames and passwords being replaced in the
"^USER^" and "^PASS^" placeholders
The third is the string that it checks for an *invalid* login (by default)
Invalid condition login check can be preceded by "F=", successful condition
login check must be preceded by "S=".
<...SNIP...>
Examples:
"/login.php:user=^USER^&pass=^PASS^:incorrect"