Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

pen-test logo Penetration Testing mailing list archives

Re: Brutus issue
From: Pieter Danhieux <opr () bsdaemon be>
Date: Wed, 1 Nov 2006 18:23:29 +0100 (CET)
Juan,
create a perl script which generates a dictionairy file for you with all the potentail usernames, and another file with the potential passwords. Load a dictionairy attack with Hydra.
Also, check wether the loginnames are LIMITED to 4 chars or EXACTLY 4 chars. Same remark for passwords. This could save you a lot of login attempts ... 

kind regards,
--
Pieter Danhieux
CISSP, GSEC, GCIH, CISA, GCFA

On Tue, 31 Oct 2006, Juan B wrote:


Hi,

I am conducting a pen test for a client of mine.
in his web server he is using basic authntication
(base 64)
I need to issue a brute force attack against his
authentication scheme.
I know that the users and password are all numbers.
foe example the user might be something as:
5486
and the password could be :

546846533
The users are limited to 4 numbers and the passwords
for 8 numbers.

How I can tell brutus or hydra to use only numbers in
the brute force?

Thanks very much !

Juan



____________________________________________________________________________________
Cheap Talk? Check out Yahoo! Messenger's low PC-to-Phone call rates
(http://voice.yahoo.com)


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------




------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]