Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Brutus issue

From: "Mister Dookie" <misterdookie () gmail com>
Date: Wed, 1 Nov 2006 12:59:23 -0500
Hey Juan B,

Select Pass Mode: Brute Force, then click on "Range". Select the radio
button for "Digits Only" and then set the minimum and maximum range
for password length. There you go!

Regards,
Jason

On 10/31/06, Juan B <juanbabi () yahoo com> wrote:

Hi,

I am conducting a pen test for a client of mine.
in his web server he is using basic authntication
(base 64)
I need to issue a brute force attack against his
authentication scheme.
I know that the users and password are all numbers.
foe example the user might be something as:
5486
and the password could be :

546846533
The users are limited to 4 numbers and the passwords
for 8 numbers.

How I can tell brutus or hydra to use only numbers in
the brute force?

Thanks very much !

Juan



____________________________________________________________________________________
Cheap Talk? Check out Yahoo! Messenger's low PC-to-Phone call rates
(http://voice.yahoo.com)


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------




------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: