password cracking a web form, tried hydra and brutus


Welcome to the Virus.Org Mailing List Archive

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

To: [EMAIL PROTECTED]
Subject: password cracking a web form, tried hydra and brutus
From: "aRt dE vIvRe" <[EMAIL PROTECTED]>
Date: Mon, 2 Feb 2004 20:22:46 +0530 (IST)
In-reply-to:
References:
Reply-to: [EMAIL PROTECTED]

hi,

we are conducting a PT for a website. In order to password crack the
login/password form authentication (which happens to be squirrelmail,
written in php, looks similar to the login page of yahoo or msn)  I was
looking for some tools.

I came across Hydra and Brutus. When I tried Brutus on an inhouse dummy
site, after configuring the parameters the target would automatically
become <target>redirect.php. I googled but couldnot find a solution to it.


Then I tried hydra at with following command:
# hydra  -l smg -p we2su 192.168.0.3  http /webmail/src/login.php

it resulted as:
[80][www] host: 192.168.0.2   login: smg   password: we2su

which is a wrong result since I had given the wrong password.

I get the same result for valid or invalid passwords.

Am I doing anything wrong?

Is there any other tool which does what I'm looking for?

Pls. help me with this :)

Regards,
B'shan









---------------------------------------------------------------------------
----------------------------------------------------------------------------

Follow-Ups:
- RE: password cracking a web form, tried hydra and brutus
  - From: Rob Shein

Prev by Date: RE: TCP Header manipulation of the protocol field
Next by Date: Re: Interesting challenge
Previous by thread: RE: TCP Header manipulation of the protocol field
Next by thread: RE: password cracking a web form, tried hydra and brutus
Index(es):
- Main
- Thread

Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.