Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Can Hydra Brute Force HTTP Digest Authentication?

From: David Maciejak <david.maciejak () gmail com>
Date: Thu, 25 Aug 2011 21:46:43 +0200
yes, as you can see in the comparison table [1], it supports
digest-md5. OWASP is not up to date.

[1] http://www.thc.org/thc-hydra/network_password_cracker_comparison.html

regards,
david

On Thu, Aug 18, 2011 at 6:08 AM, Zaki Akhmad <zakiakhmad () gmail com> wrote:

Hi,

I'd like to know whether hydra can brute force HTTP digest authentication?

From the OWASP Testing document[1], I only found brute force:
- HTTP basic authentication
- HTML Form Based Authentication

[1] https://www.owasp.org/index.php/Testing_for_Brute_Force_%28OWASP-AT-004%29#Brute_force_Attacks

--
Zaki Akhmad

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------




------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: