Home page logo

pen-test logo Penetration Testing mailing list archives

RE: password cracking a web form, tried hydra and brutus
From: "Rob Shein" <shoten () starpower net>
Date: Thu, 5 Feb 2004 16:49:38 -0500

Since web forms can vary widely, there is no cut-and-dried program that will
do this for you. The closest thing is a scripting language called ELZA
(http://www.stoev.org/elza/) that is designed for this sort of thing.  But
if you can't really code, you're out of luck.

-----Original Message-----
From: aRt dE vIvRe [mailto:bishan4u () yahoo co uk] 
Sent: Thursday, February 05, 2004 5:18 AM
To: Rob Shein; pen-test () securityfocus com
Subject: RE: password cracking a web form, tried hydra and brutus


The problem is you're trying to use HTTP authentication, instead of 
submitting the results to the form.

Yes, you are right. I tried Accessdriver also, but that also 
works only for HTTP authentication and not for submitting form.

Your better bet is to work something
in perl most likely (but any tcp-capable language will do), 
that will 
submit requests just as would happen if you were to 
sequentially try 
various login
attempts on their web page.

Sorry, but I'm not so good at programming.
Is there any open source program which does this? I'm looking 
for such a program over a week now, but no luck!

There are also other ways you could poke at it...have you tried SQL 
injection attacks in either the password or login field?

Can you please put some more light on it!

Thanx and Regards,


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]