Penetration Testing mailing list archives
Re: Can Hydra Brute Force HTTP Digest Authentication?
From: David Maciejak <david.maciejak () gmail com>
Date: Thu, 25 Aug 2011 21:46:43 +0200
yes, as you can see in the comparison table [1], it supports digest-md5. OWASP is not up to date. [1] http://www.thc.org/thc-hydra/network_password_cracker_comparison.html regards, david On Thu, Aug 18, 2011 at 6:08 AM, Zaki Akhmad <zakiakhmad () gmail com> wrote:
Hi, I'd like to know whether hydra can brute force HTTP digest authentication? From the OWASP Testing document[1], I only found brute force: - HTTP basic authentication - HTML Form Based Authentication [1] https://www.owasp.org/index.php/Testing_for_Brute_Force_%28OWASP-AT-004%29#Brute_force_Attacks -- Zaki Akhmad ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Can Hydra Brute Force HTTP Digest Authentication? Zaki Akhmad (Aug 25)
- Re: Can Hydra Brute Force HTTP Digest Authentication? David Maciejak (Aug 26)
- Re: Can Hydra Brute Force HTTP Digest Authentication? Steve Pinkham (Aug 26)