password brute force
- floodhound2
- ∑lectronic counselor
- Posts: 2117
- Joined: 03 Sep 2006, 16:00
- 17
- Location: 127.0.0.1
- Contact:
password brute force
Can someone recommend a wordpress password tester or brute force program. I need to test my sites.
₣£ΘΘĐĦΘŮŇĐ
Re: password brute force
THC Hydra for normal use, or if you want to be able to tweak and have more control then I highly recommend Burp Suite PRO.
"The best place to hide a tree, is in a forest"
- floodhound2
- ∑lectronic counselor
- Posts: 2117
- Joined: 03 Sep 2006, 16:00
- 17
- Location: 127.0.0.1
- Contact:
Re: password brute force
Yea cats I went with Hydra but running it on windows sucks. I had to install CYgwin64 and now trying to remember how to operate in a linux emulator.
I have a directory with Hydra suorce files but hoe do I get to them with GNU Bash commands?
I have a directory with Hydra suorce files but hoe do I get to them with GNU Bash commands?
₣£ΘΘĐĦΘŮŇĐ
Re: password brute force
Isch that sounds messy. Haven't tried that in a while ... starting to remember why now xDfloodhound2 wrote:Yea cats I went with Hydra but running it on windows sucks. I had to install CYgwin64 and now trying to remember how to operate in a linux emulator.
I have a directory with Hydra suorce files but hoe do I get to them with GNU Bash commands?
May I recommend Virtualbox with Debian if you want to run Hydra .
Else Burp works with Windows as well since it's written in Java.
"The best place to hide a tree, is in a forest"
- bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
Re: password brute force
if it doesn't have to be Hydra 8 and version 7.5 is enough: pre-compiled Win version attached, including all cygwin stuff. you can simply run it out of the box (make sure to keep the folder structure though).
- Attachments
-
- hydra-7.5-windows.zip
- (3.89 MiB) Downloaded 75 times
Re: password brute force
If it's not many sites btw, and that you can provide proof that it's yours (or not, I trust you ), then I can help you test them if you want
"The best place to hide a tree, is in a forest"
- floodhound2
- ∑lectronic counselor
- Posts: 2117
- Joined: 03 Sep 2006, 16:00
- 17
- Location: 127.0.0.1
- Contact:
Re: password brute force
Thanks B_B I should have thought about that.
I've got it running and will begin testing soon.
Thanks Cats for the offer and advice - I will get you involved if I cant get the details to work out.
On the bright side I installed a few other tools like a C compiler but I think its now time to ditch windows.
I've got it running and will begin testing soon.
Thanks Cats for the offer and advice - I will get you involved if I cant get the details to work out.
On the bright side I installed a few other tools like a C compiler but I think its now time to ditch windows.
₣£ΘΘĐĦΘŮŇĐ
Re: password brute force
The burp suite cats mentioned is a fantastic app. It pretty much does everything you could need. Although I don't remember a brute force ability in but I bet it's there, I just haven't used it yet. You can intercept the traffic between your browser and the site both ways. You can also manage those captures to a degree I didn't know possible. I'm just beginning to learn the program but so far it's pretty amazing. I don't have the pro version, just the free version.
Re: password brute force
You can setup the intruder to work like a brute forcer : D.Kirk wrote:The burp suite cats mentioned is a fantastic app. It pretty much does everything you could need. Although I don't remember a brute force ability in but I bet it's there, I just haven't used it yet. You can intercept the traffic between your browser and the site both ways. You can also manage those captures to a degree I didn't know possible. I'm just beginning to learn the program but so far it's pretty amazing. I don't have the pro version, just the free version.
Not like a normal one at looks but it works just the same and gives you some more control.
Fun imho ^^
"The best place to hide a tree, is in a forest"
Re: password brute force
cats, do you have to paid version of the burp suite? is it worth the money? i would love to have that version just cant afford it so im working with the free version.
Re: password brute force
Depends on what you want to do I guess.Kirk wrote:cats, do you have to paid version of the burp suite? is it worth the money? i would love to have that version just cant afford it so im working with the free version.
I bought it for the intruder since I need to iterate over direct object reference cases sometimes when I do pen testing.
The intruder still works in the free version but is slower.
So free version will get you around just fine
"The best place to hide a tree, is in a forest"