Penetration Testing mailing list archives
Re: Brutus issue
From: Pieter Danhieux <opr () bsdaemon be>
Date: Wed, 1 Nov 2006 18:23:29 +0100 (CET)
Juan,create a perl script which generates a dictionairy file for you with all the potentail usernames, and another file with the potential passwords. Load a dictionairy attack with Hydra.
Also, check wether the loginnames are LIMITED to 4 chars or EXACTLY 4 chars. Same remark for passwords. This could save you a lot of login attempts ...
kind regards, -- Pieter Danhieux CISSP, GSEC, GCIH, CISA, GCFA On Tue, 31 Oct 2006, Juan B wrote:
Hi, I am conducting a pen test for a client of mine. in his web server he is using basic authntication (base 64) I need to issue a brute force attack against his authentication scheme. I know that the users and password are all numbers. foe example the user might be something as: 5486 and the password could be : 546846533 The users are limited to 4 numbers and the passwords for 8 numbers. How I can tell brutus or hydra to use only numbers in the brute force? Thanks very much ! Juan ____________________________________________________________________________________ Cheap Talk? Check out Yahoo! Messenger's low PC-to-Phone call rates (http://voice.yahoo.com) ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- Re: Brutus issue joe (Nov 01)
- <Possible follow-ups>
- RE: Brutus issue Isaac Van Name (Nov 01)
- RE: Brutus issue Tonnerre Lombard (Nov 02)
- RE: Brutus issue Isaac Van Name (Nov 02)
- RE: Brutus issue Tonnerre Lombard (Nov 02)
- Re: Brutus issue Pieter Danhieux (Nov 01)
- Re: Brutus issue Mister Dookie (Nov 01)
- Re: RE: Brutus issue rumple (Nov 02)