Penetration Testing mailing list archives
Re: Bruteforce HTTP Basic authentification
From: Chris Kuethe <chris.kuethe () gmail com>
Date: Wed, 17 Aug 2005 21:35:20 -0600
On 8/17/05, nik <nik () adminzone ru> wrote:
Hello list! I'm doing little pen-test of a web-application for a small company. This application uses HTTP Basic autintification. So the question is: does any one know some tools (such as brutus) for brutforce usernames and passwors for this type of authentification. These tools must run under Linux or FreeBSD.
The LWP perl module will do quite nicely. Combine that with an optimized alphabet or 4, and you can have a very effective brute forcer in a couple of screenfuls of code. Optimizing your alphabet can be very effective, taking the time to crack a password down from hours to minutes or even seconds if you have a good idea about the letter distribution. ;) CK -- GDB has a 'break' feature; why doesn't it have 'fix' too? ------------------------------------------------------------------------------ FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't Learn the hacker's secrets that compromise wireless LANs. Secure your WLAN by understanding these threats, available hacking tools and proven countermeasures. Defend your WLAN against man-in-the-Middle attacks and session hijacking, denial-of-service, rogue access points, identity thefts and MAC spoofing. Request your complimentary white paper at: http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801 -------------------------------------------------------------------------------
Current thread:
- Bruteforce HTTP Basic authentification nik (Aug 17)
- Re: Bruteforce HTTP Basic authentification Thor (Hammer of God) (Aug 17)
- Re: Bruteforce HTTP Basic authentification Ivan . (Aug 17)
- Re: Bruteforce HTTP Basic authentification Chris Kuethe (Aug 17)
- Message not available
- Re: Bruteforce HTTP Basic authentification Chris Kuethe (Aug 18)
- Message not available
- <Possible follow-ups>
- RE: Bruteforce HTTP Basic authentification Todd Towles (Aug 17)
- Re: Re: Bruteforce HTTP Basic authentification bannedit (Aug 18)
- Re: Bruteforce HTTP Basic authentification Chris Kuethe (Aug 19)
- Re: Bruteforce HTTP Basic authentification Chris Kuethe (Aug 19)