Password HTML form bruteforce

From: joh ket (johket@hotmail.com)
Date: 04/18/02


Date: 18 Apr 2002 09:16:13 -0000
From: joh ket <johket@hotmail.com>
To: pen-test@securityfocus.com


('binary' encoding is not supported, stored as-is)

Hi there,

I am currently involved in a pen test on a website
which is using formbased authentication.

I figured out that a account, named 'test' exists...
(...)

Now I want to brute force this account, I am using
Brutus AET2 for this.

But I do not know how to use the HTML response.

Below the packet capture of a response of a login
which was succesfull:

HTTP/1.1.302.Object.Moved..Location:.start.cfm?cid=
(lines deleted)
<head><title>Document.Moved</title></head><body
><h1>Object.Moved</h1>
This.document.may.be.found.<a.HREF="start.cfm?
cid=
(lines deleted)

A capture of an unsuccessfull capture looks like this:

HTTP/1.1.302.Object.Moved..Location:.original.cfm?
login=Invalid password. Please try again
(lines deleted)
Document.Moved</title></head>.<body><h1>Object.
Moved</h1>This.document.may.be.found.<a.HREF="
original.cfm?login=Invalid password. Please try
again">here</a>

So depending on the password I get redirected to a
page...

How should the primary and the secondary repsonse
be configured?

Or does somebody else have a better idea how to do
this?

Thanks in advance!

Joh Ket

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/



Relevant Pages

  • Re: SQL
    ... | I am doing a pen test against a IIS 5 web server. ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • RE: Using a Compromised Router to Capture Network Traffic
    ... Using a Compromised Router to Capture Network Traffic ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • Re: pen test VPN
    ... You may also want to pen test the VPN client. ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • Re: pen test help please asap
    ... > I was hoping that someone out there in pen test land already had developed ... > Machine A on client site makes a configurable encrypted OUTBOUND connection ... This in combination with social engineering the help ... This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)