hacking contest

hacking exploits security forum
hacking
compliance articles
upgrade backup exec
information security consultant
Help - Search - Member List - Calendar
GovernmentSecurity.org > System Security > Windows Systems
SyS49152
Jun 23 2005, 07:16 PM
I was looking for such kind of tool ..
obviusly any form is different from others ..
but a tool that with some tweaks
let you run a dict or brute force attack
against a login form for example on a web page does exist ?

dr_f
Jun 23 2005, 07:34 PM
I think "Brutus" can do such a thing I have had a look before and it says things like HTTP (FORM) and HTTP (AUTH) if i remember maybe worth having a look?
fizzik
Jun 24 2005, 05:43 AM
check out form@

you'll find it at deny.de
belgther
Jun 24 2005, 10:32 AM
WWWHack or Brutus are the two most known ones. Brutus is freeware, and WWWHack is sharreware.
SyS49152
Jun 24 2005, 01:26 PM
QUOTE(belgther @ Jun 24 2005, 10:32 AM)
WWWHack or Brutus are the two most known ones. Brutus is freeware, and WWWHack is sharreware.
*



well brutus it's not good ..
wwwhack a little better but still too little flexible to be usefull ..
form@ sounds good by the name but I wasn't able to find it on deny.de ..
and not even by google due to the "@" in the name ..
do you have the exact name of the zip ?

for all trial members replying here :
I'm NOT looking for tools to bruteforce BASIC http authentication ,
but "homemade" web forms ..
it's different ..
silos
Jun 25 2005, 09:26 PM
Wasat and WebSleuth are pretty good.Websleuth does a lot more too.
Perhaps Crackwhore as well.
fizzik
Jun 26 2005, 05:58 AM
hxxp://sss.deny.de/

rolleyes.gif
smith_john
Jun 26 2005, 08:16 AM
well brutus ****it is the best******
Warlord_David
Jun 27 2005, 04:48 PM
CForce is good, Form@ is also cool. and the program Caecus for OCR's are nice also smile.gif
Tec
Jun 27 2005, 05:25 PM
When I needed to brute force a web-login system (successfully) I wrote a program that connected to the server, sent the correct headers, replacing the password for each entry in a dictionary file. Then, it recieved the feedback and analyzed it to see if the attempt was successful or failed.
uname-a
Jun 27 2005, 10:14 PM
Use Access Driver, it's pretty good one,it's mainly designed for http basic auth attacks, but has so much more.
If you cannot find it, contact me on governmentsecurity irc server, my nickname on it is uname-a, i'll be pleased to send it to you.
whiskah
Jun 28 2005, 12:18 AM

/edit
oops sorry, link was already posted..
SyS49152
Jun 28 2005, 12:42 AM
QUOTE(Warlord_David @ Jun 27 2005, 04:48 PM)
CForce is good, Form@ is also cool. and the program Caecus for OCR's are nice also smile.gif
*



any link ?
thx
whiskah
Jun 28 2005, 02:57 AM
[quote]
any link ?
thx

[/quote
caecus..dunnno abt cforce
http://sentinel.securibox.net/Caecus.php
SyS49152
Jun 28 2005, 11:46 AM
[/quote
caecus..dunnno abt cforce
http://sentinel.securibox.net/Caecus.php
*

[/quote]

very nice tool ..
but I don't need the ocr by now ..
It seems that this cforce is the tool of the moment in this field ..
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.