Re: password cracking a web form, tried hydra and brutus

From: lists AT dawes DOT za DOT net (_at_securityfocus.com)
Date: 02/05/04

  • Next message: kenzo: "OPST vs CEH" 
    Date: Thu, 05 Feb 2004 18:03:15 +0100
To: aRt dE vIvRe <bishan4u@yahoo.co.uk>

    Try some of the tools that you'll find here:

    http://neworder.box.sk/box.php3?gfx=neworder&prj=neworder&key=wwwcrks

    Rogan

    aRt dE vIvRe wrote:
    > Hi,
    >
    >
    >>The problem is you're trying to use HTTP authentication, instead of
    >>submitting the results to the form.
    >
    >
    > Yes, you are right. I tried Accessdriver also, but that also works only
    > for HTTP authentication and not for submitting form.
    >
    >
    >>Your better bet is to work something
    >>up,
    >>in perl most likely (but any tcp-capable language will do), that will
    >>submit
    >>requests just as would happen if you were to sequentially try various
    >>login
    >>attempts on their web page.
    >
    >
    > Sorry, but I'm not so good at programming.
    > Is there any open source program which does this? I'm looking for such a
    > program over a week now, but no luck!
    >
    >
    >>There are also other ways you could poke at it...have you tried SQL
    >>injection attacks in either the password or login field?
    >
    >
    > Can you please put some more light on it!
    >
    > Thanx and Regards,
    > b'shan
    >
    >
    > ---------------------------------------------------------------------------
    > ----------------------------------------------------------------------------
    >
    >

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------

  • Next message: kenzo: "OPST vs CEH"
    • Quantcast