~H~A~C~K~I~N~G = ASk
<blockquote data-quote="FUNasela" data-source="post: 3963407" data-attributes="member: 54899"><p>*****</p><p></p><p>***** is a multifeature Web password cracker. The program is written for ****** only but allows for a number of different types of authentication **** forcing, including:</p><p></p><p>· HTTP (Basic Authentication)</p><p></p><p>· HTTP (HTML Form/CGI)</p><p></p><p>· POP3 (Post Office Protocol v3)</p><p></p><p>· FTP (File Transfer Protocol)</p><p></p><p>· SMB (Server Message Block)</p><p></p><p>· Telnet</p><p></p><p>Although HTTP Basic is the most ubiquitous program on the Internet today, HTTP Form is close behind. To use ***** to ***** force a standard HTTP Basic page, we need only input the target in the Target field, select HTTP (Basic Authentication) in the Type field, and then select the type of Authentication Options (by default it will use the most common of usernames and passwords). Figure 15-5 shows how ***** can be set up to brute force known usernames and passwords.</p><p></p><p>Figure 15-5. **** ****** forcing an HTTP Basic connection</p><p></p><p></p><p>The Positive Authentication Results window shows that the administrator username and test username have been confirmed to have a blank password and the word "test," respectively.</p><p></p><p>However, if we have exhausted our list of usernames and passwords, we can allow **** to identify the password with its brute-force options. As shown in Figure 15-6, with these options we can select the size and composition of the password in an attempt to include the full ASCII keyspace or a customized range.</p><p></p><p>Figure 15-6. ****'s *****-force password options</p><p></p><p></p><p>Then when **** runs, which could take some time, it will attempt all the permutations of the set created. Figure 15-7 reveals that, with 0–6 length and lowercase alpha as the composition, the complete brute force will take about a month on a P4-1.2 GHz machine. 
Not quite the speed we were looking for, but the feature is robust.</p><p></p><p>Figure 15-7. ***, using the true ****-**** feature</p><p></p><p></p><p>But the real advantage of using *** for Web password cracking is for HTTP (Form) attempts. **** offers a number of features that accommodate whatever form we have, including the support of cookies and user-defined responses. Figure 15-8 shows ****'s simple interface for setting up an HTTP (Form) brute-force attempt.</p><p></p><p>Figure 15-8. **** and HTTP (form) settings</p><p></p><p></p><p>Now, using the "Learn From Settings" button, we let Brutus try to read the form we want to brute force and understand what it requires for authentication. Figure 15-9 shows the returned options and fields specific for the targeted form.</p><p></p><p>Figure 15-9. **** Form Viewer</p><p></p><p></p><p>The two fields in the form are "user" and "password." The back-end server program that processes the user and password to validate it is /cgi-bin/login.cgi. We accept these parameters and have ***** attempt passwords against the system, as shown in Figure 15-10.</p><p></p><p>Figure 15-10. **** and HTTP (form) results</p><p></p><p></p><p>****'s flexibility is robust and its feature set unrivaled. It will perform every major authentication attempt except NTLM. The only program we know that offers NTLM **** forcing is ****</p></blockquote><p></p>
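Seen from the server side, the HTTP Basic and HTTP (Form) guessing described in the quoted post shows up as a burst of 401 responses or of POSTs to the form handler from a single address. The following is an added example, not part of the original post: a sliding-window detector over access-log lines, where the combined log format, the thresholds and the sample lines are constructed assumptions and only /cgi-bin/login.cgi comes from the post.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOGIN_PATH = "/cgi-bin/login.cgi"   # form handler named in the post
WINDOW = timedelta(seconds=60)      # assumed window, tune per site
MAX_ATTEMPTS = 5                    # assumed ceiling for a legitimate user

# Apache/nginx "combined"-style prefix (assumed log format)
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+')

def auth_attempt(m):
    """True if the request looks like one credential guess."""
    if m["status"] == "401":        # HTTP Basic rejection
        return True
    # Form logins often answer 200 even on failure, so count every POST.
    return m["method"] == "POST" and m["path"].split("?", 1)[0] == LOGIN_PATH

def find_bruteforce(lines, window=WINDOW, max_attempts=MAX_ATTEMPTS):
    """Return {ip: peak attempts inside one window} for sources over the limit."""
    recent = defaultdict(deque)     # per-source timestamps still inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not auth_attempt(m):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:   # drop attempts older than the window
            q.popleft()
        if len(q) > max_attempts:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), len(q))
    return flagged

def _line(ip, sec, method, path, status):
    return (f'{ip} - - [10/Oct/2024:13:55:{sec:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512')

# Constructed sample log (documentation IP ranges), ordered per source.
SAMPLE_LOG = (
    [_line("203.0.113.7", s, "POST", LOGIN_PATH, 200) for s in range(0, 40, 2)]
    + [_line("198.51.100.4", s, "GET", "/admin/", 401) for s in range(0, 16, 2)]
    + [_line("192.0.2.10", 5, "POST", LOGIN_PATH, 302),   # one ordinary login
       _line("192.0.2.10", 6, "GET", "/index.html", 200)])

if __name__ == "__main__":
    print(find_bruteforce(SAMPLE_LOG))
```

The same per-source counter can drive lockout or rate limiting instead of alerting; keying it on the submitted username as well catches guessing that is spread across many addresses.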