Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: password cracking a web form, tried hydra and brutus

From: "lists AT dawes DOT za DOT net" <"lists AT dawes DOT za DOT net"@securityfocus.com>
Date: Thu, 05 Feb 2004 18:03:15 +0100
Try some of the tools that you'll find here:

http://neworder.box.sk/box.php3?gfx=neworder&prj=neworder&key=wwwcrks

Rogan

aRt dE vIvRe wrote:

Hi,



The problem is you're trying to use HTTP authentication, instead of
submitting the results to the form.



Yes, you are right. I tried Accessdriver also, but that also works only
for HTTP authentication and not for submitting form.



Your better bet is to work something
up,
in perl most likely (but any tcp-capable language will do), that will
submit
requests just as would happen if you were to sequentially try various
login
attempts on their web page.



Sorry, but I'm not so good at programming.
Is there any open source program which does this? I'm looking for such a
program over a week now, but no luck!



There are also other ways you could poke at it...have you tried SQL
injection attacks in either the password or login field?



Can you please put some more light on it!

Thanx and Regards,
b'shan


---------------------------------------------------------------------------
----------------------------------------------------------------------------




---------------------------------------------------------------------------
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: