Penetration Testing mailing list archives
RE: Brutus issue
From: "Isaac Van Name" <ivanname () southerlandsleep com>
Date: Wed, 1 Nov 2006 10:46:29 -0600
Well, Base 64 is an encryption method... of course, that would really only matter if you had the hashes. That being said, you had the answer the whole time. Note this excerpt from the readme.txt file for a Hydra Windows package:

ADDITIONAL HINTS
----------------
* uniq your dictionary files! this can save you a lot of time :-)
    cat words.txt | sort | uniq > dictionary.txt
* if you know that the target is using a password policy (allowing users only to choose password with a minimum length of 6, containing a least one letter and one number, etc. use the tool pw-inspector which comes along with the hydra package to reduce the password list:
    cat dictionary.txt | pw-inspector -m 6 -c 2 -n > passlist.txt

Yeah, read that second one. That's what the readme is there for. If you get lost after reading that, I suggest you pursue a different line of work.

Oh, and after you're done "pen testing" your client, I've got an igloo I'd love to sell them.

Isaac Van Name
Systems Administrator

"What good would you do with an ignorant employee? Ignorance is grounds for dismissal..." - Mario Spinthiras

Open Source developing at its finest: "Written in vim, W3C valid and UTF-8 encoded, for her pleasure."

Disclaimer: This email is intended only to be used to feign intellectual mastery of a subject or superhuman command of the English language, when profanity is involved. By reading this email, you are agreeing to cease all correspondence with the sender upon realizing your own ignorance, and furthermore to refrain from taking legal action against said sender when your compounding ignorance crushes your inadequate self-esteem. Have a nice day.

Original> -----Original Message-----
Original> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
Original> On Behalf Of Juan B
Original> Sent: Tuesday, October 31, 2006 5:28 PM
Original> To: pen-test () securityfocus com
Original> Subject: Brutus issue
Original>
Original> Hi,
Original>
Original> I am conducting a pen test for a client of mine.
Original> in his web server he is using basic authentication
Original> (base 64)
Original> I need to issue a brute force attack against his
Original> authentication scheme.
Original> I know that the users and password are all numbers.
Original> for example the user might be something as:
Original> 5486
Original> and the password could be :
Original>
Original> 546846533
Original> The users are limited to 4 numbers and the passwords
Original> for 8 numbers.
Original>
Original> How I can tell brutus or hydra to use only numbers in
Original> the brute force?
Original>
Original> Thanks very much !
Original>
Original> Juan