Author Topic: Brute-force (Read 1272 times)

th3g00n · « **on:** February 20, 2012, 07:23:14 PM »

I scanned a website with nmap and found a list of open ports [ 8080, 88, 25 etc.] but when i try to connect it prompts for a passwd. Does any1 know any brute force software or how to use the http-brute script in nmap?

imation · « **Reply #1 on:** February 20, 2012, 07:39:50 PM »

You should really use GOOGLE and do some research

HINT -> HYDRA

Kulverstukas · « **Reply #2 on:** February 20, 2012, 08:23:55 PM »

I'd go for Medusa - seems better.

neusbeer · « **Reply #3 on:** February 22, 2012, 06:28:01 PM »

Or check the running software for known exploits with google or exploit-db
and maybe you can bypass the login or bof.

th3g00n · « **Reply #4 on:** February 24, 2012, 12:10:44 PM »

Quote from: imation on February 20, 2012, 07:39:50 PM

You should really use GOOGLE and do some research

HINT -> HYDRA

How on do I compile hydra on cygwin?

PiZZ4 · « **Reply #5 on:** February 25, 2012, 06:45:21 PM »

Download it and Extract it:

Code: [Select]

tar -xzvf hydra-5.9.1-src.tar.gz
The run the command:

Code: [Select]

./configure
After the configure is completed then run make:

Code: [Select]

make
Then install it:

Code: [Select]

sudo make install

th3g00n · « **Reply #6 on:** February 27, 2012, 03:01:08 PM »

Quote from: PiZZ4 on February 25, 2012, 06:45:21 PM

Download it and Extract it:
Code: [Select]
tar -xzvf hydra-5.9.1-src.tar.gz
The run the command:
Code: [Select]
./configure
After the configure is completed then run make:
Code: [Select]
make
Then install it:
Code: [Select]
sudo make install

Everytime I try it says that the file/directory was not found

neusbeer · « **Reply #7 on:** February 29, 2012, 06:29:56 PM »

sudo isn't a command in Cygwin
(You don't have a user Root ;-))
leave the sudo
Big change that hydra won't run because it wants a root user.
if it does.. try http://cygwin.com/ml/cygwin-apps/2003-11/txt00002.txt
It wil create a user in windows named root

basic idea is that Cygwin doesn't use user-levels like Linux,
but it depends on the Users in Windows.
Your windows-account is used within Cygwin.

Making a root user isn't a bad idea, because when you want to use Nmap
it comes in handy to login as root for it's raw package use.

th3g00n · « **Reply #8 on:** March 13, 2012, 02:38:02 AM »

I downloaded Brutus but the wordlist I have is inefficient; where can I get more. Having a hard time with google.

Factionwars · « **Reply #9 on:** March 13, 2012, 09:04:50 AM »

Quote from: th3g00n on March 13, 2012, 02:38:02 AM

I downloaded Brutus but the wordlist I have is inefficient; where can I get more. Having a hard time with google.

The most populair wordlists is the darkcode.txt.
Also, brutus is very very outdated, i would prefer a newer tool, like hydra

I_Learning_I · « **Reply #10 on:** March 14, 2012, 11:39:47 AM »

Bruteforcing passwords is worthless I would say.
Unless you're trying to hack some poor guy who doesn't know the importance of a big password (in which case there's probably no advantage for you in doing it) it will be just a waste of your time, you can't bruteforce a password quickly enough locally, nevermind with internet connection, and proxying. By the time you get it the Universe will be over (not a joke or exageration, there are websites where you can check how long it takes in average to crack it, my important passwords are easy to memoryze but I have absolutely no problem giving the hash, you'll never find the password).

So in conclusion I advise you to find the service running in port and trying just the default usernames and passwords, other than that, try to exploit with with some overflow, under run, something...