Penetration Testing mailing list archives
RE: password cracking a web form, tried hydra and brutus
From: "Rob Shein" <shoten () starpower net>
Date: Thu, 5 Feb 2004 16:49:38 -0500
Since web forms can vary widely, there is no cut-and-dried program that will do this for you. The closest thing is a scripting language called ELZA (http://www.stoev.org/elza/) that is designed for this sort of thing. But if you can't really code, you're out of luck.
-----Original Message----- From: aRt dE vIvRe [mailto:bishan4u () yahoo co uk] Sent: Thursday, February 05, 2004 5:18 AM To: Rob Shein; pen-test () securityfocus com Subject: RE: password cracking a web form, tried hydra and brutus Hi,The problem is you're trying to use HTTP authentication, instead of submitting the results to the form.Yes, you are right. I tried Accessdriver also, but that also works only for HTTP authentication and not for submitting form.Your better bet is to work something up, in perl most likely (but any tcp-capable language will do),that willsubmit requests just as would happen if you were tosequentially tryvarious login attempts on their web page.Sorry, but I'm not so good at programming. Is there any open source program which does this? I'm looking for such a program over a week now, but no luck!There are also other ways you could poke at it...have you tried SQL injection attacks in either the password or login field?Can you please put some more light on it! Thanx and Regards, b'shan
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- password cracking a web form, tried hydra and brutus aRt dE vIvRe (Feb 02)
- RE: password cracking a web form, tried hydra and brutus Rob Shein (Feb 05)
- RE: password cracking a web form, tried hydra and brutus aRt dE vIvRe (Feb 05)
- Re: password cracking a web form, tried hydra and brutus lists AT dawes DOT za DOT net (Feb 05)
- RE: password cracking a web form, tried hydra and brutus Rob Shein (Feb 06)
- RE: password cracking a web form, tried hydra and brutus aRt dE vIvRe (Feb 05)
- <Possible follow-ups>
- RE: password cracking a web form, tried hydra and brutus Sasa Jusic (Feb 06)
- RE: password cracking a web form, tried hydra and brutus Rob Shein (Feb 05)