password brute force

[floodhound2]

Can someone recommend a wordpress password tester or brute force program. I need to test my sites.

[ayu]

THC Hydra for normal use, or if you want to be able to tweak and have more control then I highly recommend Burp Suite PRO.

[floodhound2]

Yea cats I went with Hydra but running it on windows sucks. I had to install CYgwin64 and now trying to remember how to operate in a linux emulator.

I have a directory with Hydra suorce files but hoe do I get to them with GNU Bash commands?

[ayu]

Yea cats I went with Hydra but running it on windows sucks. I had to install CYgwin64 and now trying to remember how to operate in a linux emulator.

I have a directory with Hydra suorce files but hoe do I get to them with GNU Bash commands?

Isch that sounds messy. Haven't tried that in a while ... starting to remember why now xD

May I recommend Virtualbox with Debian if you want to run Hydra .
Else Burp works with Windows as well since it's written in Java.

[bad_brain]

if it doesn't have to be Hydra 8 and version 7.5 is enough: pre-compiled Win version attached, including all cygwin stuff. you can simply run it out of the box (make sure to keep the folder structure though).

[ayu]

If it's not many sites btw, and that you can provide proof that it's yours (or not, I trust you ), then I can help you test them if you want

[floodhound2]

Thanks B_B I should have thought about that.
I've got it running and will begin testing soon.

Thanks Cats for the offer and advice - I will get you involved if I cant get the details to work out.

On the bright side I installed a few other tools like a C compiler but I think its now time to ditch windows.

[Kirk]

The burp suite cats mentioned is a fantastic app. It pretty much does everything you could need. Although I don't remember a brute force ability in but I bet it's there, I just haven't used it yet. You can intercept the traffic between your browser and the site both ways. You can also manage those captures to a degree I didn't know possible. I'm just beginning to learn the program but so far it's pretty amazing. I don't have the pro version, just the free version.

[ayu]

The burp suite cats mentioned is a fantastic app. It pretty much does everything you could need. Although I don't remember a brute force ability in but I bet it's there, I just haven't used it yet. You can intercept the traffic between your browser and the site both ways. You can also manage those captures to a degree I didn't know possible. I'm just beginning to learn the program but so far it's pretty amazing. I don't have the pro version, just the free version.

You can setup the intruder to work like a brute forcer : D.
Not like a normal one at looks but it works just the same and gives you some more control.
Fun imho ^^

[Kirk]

cats, do you have to paid version of the burp suite? is it worth the money? i would love to have that version just cant afford it so im working with the free version.

[ayu]

cats, do you have to paid version of the burp suite? is it worth the money? i would love to have that version just cant afford it so im working with the free version.

Depends on what you want to do I guess.
I bought it for the intruder since I need to iterate over direct object reference cases sometimes when I do pen testing.
The intruder still works in the free version but is slower.
So free version will get you around just fine