Penetration Testing mailing list archives
RE: passw0rd trial limit
From: "Beauford, Jason" <jbeauford () EightInOnePet com>
Date: Mon, 26 Jun 2006 13:15:46 -0400
Zed Qyves wrote:
Hello, I am curious as to how and where this "5 times login" is enforced. A few implementations I've seen do it client side, either with a cookie or, even worse, a hidden field. Others do it server side on a session table or other, home made structure.

If the first is the case you are in luck. I don't recall any bruteforcer tools that actually let you modify the Set-Cookie directive, so you may have to run it through a personal proxy that will auto manipulate this field - WebProxy, if you can still get hold of it on the Net since it seems to have disappeared, has a RegEx match and replace pattern which can come in handy in the above - of course the bruteforcer needs to have proxy support. If it is a hidden value, well, keep requesting with field value 1 and you should be ok.

If server side user session invalid login attempts storage is used there is not really anything you can do but try attacking the bruteforcing problem with a different approach: pick the most common password in your opinion - I would say 123456 or 654321 - and run it through all the usernames. Depending on the size of the application users' database you are bound to have some hits.

Hope it helps.
ZQyves
My first thought on this was to try a roundabout approach to get your hands on the username database and try to crack usernames "offline". Any chance of that?

jmb
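The server-side counting that the quoted message contrasts with cookie and hidden-field counters, as an added defensive example that is not part of either post: failures are tracked per account and per source, so both repeated guesses at one account and one guess across many accounts are caught. The class name, thresholds, window and sample events are assumptions made for illustration.

```python
from collections import defaultdict

MAX_PER_ACCOUNT = 5        # the "5 times login" limit discussed in the thread
MAX_USERS_PER_SOURCE = 3   # assumed: distinct accounts one source may fail against
WINDOW = 900               # assumed sliding window, in seconds


class LoginGuard:
    """Failure counters kept in server state; nothing the client sends is trusted."""

    def __init__(self):
        self.by_account = defaultdict(list)  # username -> failure timestamps
        self.by_source = defaultdict(dict)   # source IP -> {username: last failure}

    def account_locked(self, user, now):
        recent = [t for t in self.by_account[user] if now - t < WINDOW]
        self.by_account[user] = recent
        return len(recent) >= MAX_PER_ACCOUNT

    def source_spraying(self, ip, now):
        # One guess per account never trips the per-account limit, so also
        # count how many different accounts a single source has failed against.
        seen = {u: t for u, t in self.by_source[ip].items() if now - t < WINDOW}
        self.by_source[ip] = seen
        return len(seen) >= MAX_USERS_PER_SOURCE

    def attempt(self, user, ip, password_ok, now):
        """Return 'blocked_source', 'locked', 'ok' or 'fail' for one login try."""
        if self.source_spraying(ip, now):
            return "blocked_source"
        if self.account_locked(user, now):
            return "locked"              # refused even if the password is right
        if password_ok:
            self.by_account.pop(user, None)
            return "ok"
        self.by_account[user].append(now)
        self.by_source[ip][user] = now
        return "fail"


def replay(events):
    """Feed (time, user, ip, password_ok) tuples through a fresh guard."""
    guard = LoginGuard()
    return [guard.attempt(u, ip, ok, t) for (t, u, ip, ok) in events]


# Constructed sample events (documentation IP ranges, made-up usernames).
BRUTE = [(i, "alice", "198.51.100.7", False) for i in range(6)]
SPRAY = [(i, n, "203.0.113.9", False) for i, n in enumerate(["ann", "bob", "cy", "dee"])]
```

Because the counters are keyed by username and source address on the server, editing a cookie or a hidden form field has no effect on the outcome.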