Re: Bruteforce HTTP Basic authentication

From: Chris Kuethe (chris.kuethe_at_gmail.com)
Date: 08/18/05

    Date: Wed, 17 Aug 2005 21:35:20 -0600
    To: nik <nik@adminzone.ru>
    
    

    On 8/17/05, nik <nik@adminzone.ru> wrote:
    > Hello list!
    > I'm doing a little pen-test of a web application for a small company.
    > This application uses HTTP Basic authentication. So the question is:
    > does anyone know some tools (such as brutus) for brute-forcing usernames
    > and passwords for this type of authentication? These tools must run
    > under Linux or FreeBSD.

    The LWP perl module will do quite nicely. Combine that with an
    optimized alphabet or 4, and you can have a very effective brute
    forcer in a couple of screenfuls of code. Optimizing your alphabet can
    be very effective, taking the time to crack a password down from hours
    to minutes or even seconds if you have a good idea about the letter
    distribution. ;)

    CK

    -- 
    GDB has a 'break' feature; why doesn't it have 'fix' too?
