From: aRt dE vIvRe [mailto:bishan4u () yahoo co uk]
Sent: Thursday, February 05, 2004 5:18 AM
To: Rob Shein; pen-test () securityfocus com
Subject: RE: password cracking a web form, tried hydra and brutus
The problem is you're trying to use HTTP authentication, instead of
submitting the results to the form.
Yes, you are right. I tried Accessdriver also, but that also
works only for HTTP authentication and not for submitting form.
Your better bet is to work something
in perl most likely (but any tcp-capable language will do),
submit requests just as would happen if you were to
attempts on their web page.
Sorry, but I'm not so good at programming.
Is there any open source program which does this? I'm looking
for such a program over a week now, but no luck!
There are also other ways you could poke at it...have you tried SQL
injection attacks in either the password or login field?
Can you please put some more light on it!
Thanx and Regards,