Security Basics mailing list archives

Re: Web brute forcing tool against HTTPS


From: Ahmad Taha <ahmad.taha () usa net>
Date: Thu, 03 Jan 2008 10:47:22 +0200

Hi Whitehat,
Or you can redirect the traffic as usual with stunnel, for example. You can set stunnel to listen for connections on local TCP port 80 and forward to remote www.SiteToBeTested.com on port 443, then make your tool (e.g. Brutus) brute force your localhost on port 80, which will then be automatically redirected to www.SiteToBeTested.com on port 443. That is, of course, if you need to use a certain tool that doesn't support HTTPS by default.


Regards,
Ahmad Taha Zaki

Whitehat wrote:
Hi Anthony,

Thank you for your valuable inputs.....


Cheers !!!

Regards,
Whitehat.



Anthony_Cicalla () McAfee com wrote:
Other Brute Forcers

Brutus
http://www.hoobie.net/brutus/brutus-download.html

Is there any other software like Brutus?
There are more tools now than there were when Brutus was originally
released, some tools of note include:

wwwhack  -  Offering HTTP, POP3 & FTP - generally nice and easy to use.
http://www.wwwhack.com/

Entry - Offering HTTP, POP3 & FTP - commercial and freeware versions.
http://web.idirect.com/~elitesys/entry/index.html

http://freeworld.thc.org/thc-hydra/

Hydra is a parallelized login cracker which supports numerous protocols to
attack. New modules are easy to add, besides that, it is flexible and very fast.

Currently this tool supports:
TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, LDAP, SMB, SMBNT, MS-SQL, MYSQL, REXEC,
CVS, SNMP, SMTP-AUTH, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS, ICQ, SAP/R3,
Cisco auth, Cisco enable, Cisco AAA (incorporated in telnet module).

This tool is a proof of concept code, to give researchers and security
consultants the possibility to show how easy it would be to gain unauthorized
access from remote to a system.

Sincerely,

Anthony Cicalla,

CNA, CEH, CISSP, GSNA, MCP, SCTA

Research Scientist

McAfee, Inc.
535 Oakmead Pkwy
Sunnyvale, CA 94085

408.992.8300 Main
408.992.8441 Direct
408.720.8450 Fax
925-262-7565 Cell

Anthony_Cicalla () mcafee com

www.Mcafeesecure.com




-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Whitehat
Sent: Friday, October 24, 2008 12:27 PM
To: pen-test; security-basics () securityfocus com
Subject: Web brute forcing tool against HTTPS

Dear List,

I'm doing a Web application PT against a website running on HTTPS, in which I found that the password recovery mechanism is weak, because if you enter a correct Registration ID then it'll send a new password to the corresponding email. Now my idea is to perform a brute force attack against the input field, which could lead to a potential "Denial of Service", since I know the length of the Registration ID.

I'm trying "Crowbar" as usual, but... it is not able to get the base response.
I was able to do this successfully for many other sites.

Is it because of:

1. HTTPS - Can't we brute force HTTPS-implemented sites?
2. Implementing ViewState in aspx.
3. Or something else that is causing the error?


Please suggest different techniques or any other tool to do that.


Cheers,
Whitehat.




------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------
