Penetration Testing mailing list archives
password cracking a web form, tried hydra and brutus
From: "aRt dE vIvRe" <bishan4u () yahoo co uk>
Date: Mon, 2 Feb 2004 20:22:46 +0530 (IST)
hi, we are conducting a PT for a website. In order to password crack the login/password form authentication (which happens to be squirrelmail, written in php, looks similar to the login page of yahoo or msn) I was looking for some tools. I came across Hydra and Brutus. When I tried Brutus on an inhouse dummy site, after configuring the parameters the target would automatically become <target>redirect.php. I googled but couldnot find a solution to it. Then I tried hydra at with following command: # hydra -l smg -p we2su 192.168.0.3 http /webmail/src/login.php it resulted as: [80][www] host: 192.168.0.2 login: smg password: we2su which is a wrong result since I had given the wrong password. I get the same result for valid or invalid passwords. Am I doing anything wrong? Is there any other tool which does what I'm looking for? Pls. help me with this :) Regards, B'shan --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- password cracking a web form, tried hydra and brutus aRt dE vIvRe (Feb 02)
- RE: password cracking a web form, tried hydra and brutus Rob Shein (Feb 05)
- RE: password cracking a web form, tried hydra and brutus aRt dE vIvRe (Feb 05)
- Re: password cracking a web form, tried hydra and brutus lists AT dawes DOT za DOT net (Feb 05)
- RE: password cracking a web form, tried hydra and brutus Rob Shein (Feb 06)
- RE: password cracking a web form, tried hydra and brutus aRt dE vIvRe (Feb 05)
- <Possible follow-ups>
- RE: password cracking a web form, tried hydra and brutus Sasa Jusic (Feb 06)
- RE: password cracking a web form, tried hydra and brutus Rob Shein (Feb 05)