Security Basics mailing list archives
Re: THC Hydra and HTTP brute-force cracking
From: Martin T <m4rtntns () gmail com>
Date: Sun, 3 Apr 2011 05:20:53 +0200
David,

ok, looking forward to Hydra 6.2 :)

Jérôme,

yes, looks like the HTTP server running on the router does not support HEAD requests, as I get "Connection closed by foreign host" right away if I telnet to the httpd port on the router and make a HEAD request. Most likely it would be smart to check the support of HEAD requests of the HTTP server before attacking it. However, thanks for clarifying the differences between the HTTP HEAD and GET requests.

regards,
martin

2011/4/1 Jérôme Nokin <jerome () wallaby be>:
Hi Martin,

You are maybe misunderstanding something. Just to be sure.. Even if the credential information will be added into the "header" of the HTTP request, it is not related to the use of the http-head or http-get plugin.

In the HTTP protocol, "HEAD" is a method like "GET", "POST", "PUT", ... HEAD is like GET, but without providing the body of the answer (thus, using http-head should be faster than http-get).

Try "telnet www.google.com 80", then "GET / HTTP/1.0" + return + return

Now try the same telnet but with the HEAD method: "HEAD / HTTP/1.0" + return + return

You will see the difference.

Regarding your device, maybe it doesn't support the HEAD method (?). Actually I've never used http-head.

Good luck,
Jérôme

When should one use http-head?

In addition, I have read many people complaining (mainly in backtrack-linux.org/forums) about the "-t" feature in hydra, as it runs by default 16 parallel tasks simultaneously and may skip passwords in the password file.. Jérôme mentioned this as well. Is there a fix for this or is it a hydra bug at all?

regarding,
martin