Articles

Metasploit Framework Windows Tutorial
Remote Desktop Connection
Windows Processes That May Be Dangerous
How-To use NetCat a Tutorial
Common Linux Commands
Common Ports
Netcat Commands
HTTP Response Codes
War-Google Hack Terms
Wardriving
Avoiding Social Engineering and Phishing Attacks
Intrusion Detection on Linux
Linux Intrusion Detection
Penetration Testing Guide
Penetration Testing Tools
Social Engineering Fundamentals, Part I: Hacker Tactics
Social engineering (computer security)
The Psychology of Social Engineering

The Archives

General GSO
GovernmentSecurity.org News & Suggestions
In The News
Open Topic
General Security Information
Trash Can
Exploit & Vulnerability Mailing List Archives
Trial Member Forum
Product and Program Reviews GSO Tutorials
System Security
Windows Systems
Beginners Section
Linux & Unix Systems
File Downloads
Exploit Research & Discussion Trojan & Virus Errata
Networking Security / Firewall / IDS / VPN / Routers
System Hardening
E-Mail Security
Wifi Security
Trial Member Uploads
Upload discovered Trojans & Mal ware
GSO Programming Section
C , C++ , VC++
Visual Basic.NET
Perl /CGI
Java/Javascript
PHP/XML/ASP/HTML
Assembly + Other
The Cork Board
Network Security Consultant Directory
Network Security Jobs
The Archives
Encryption Information
General Network Security
Internet Anonymity
HTTP Protocol Security
Linux Security
MS IIS Information
Exploit Articles
Programming / Tool Design
GSO Software Projects
Public Downloads
Microsoft Security Questions and Papers
Help - Search - Member List - Calendar
GovernmentSecurity.org > System Security > Windows Systems
SyS49152
Jun 23 2005, 07:16 PM
I was looking for such kind of tool ..
obviusly any form is different from others ..
but a tool that with some tweaks
let you run a dict or brute force attack
against a login form for example on a web page does exist ?

dr_f
Jun 23 2005, 07:34 PM
I think "Brutus" can do such a thing I have had a look before and it says things like HTTP (FORM) and HTTP (AUTH) if i remember maybe worth having a look?
fizzik
Jun 24 2005, 05:43 AM
check out form@

you'll find it at deny.de
belgther
Jun 24 2005, 10:32 AM
WWWHack or Brutus are the two most known ones. Brutus is freeware, and WWWHack is sharreware.
SyS49152
Jun 24 2005, 01:26 PM
QUOTE(belgther @ Jun 24 2005, 10:32 AM)
WWWHack or Brutus are the two most known ones. Brutus is freeware, and WWWHack is sharreware.
*



well brutus it's not good ..
wwwhack a little better but still too little flexible to be usefull ..
form@ sounds good by the name but I wasn't able to find it on deny.de ..
and not even by google due to the "@" in the name ..
do you have the exact name of the zip ?

for all trial members replying here :
I'm NOT looking for tools to bruteforce BASIC http authentication ,
but "homemade" web forms ..
it's different ..
silos
Jun 25 2005, 09:26 PM
Wasat and WebSleuth are pretty good.Websleuth does a lot more too.
Perhaps Crackwhore as well.
fizzik
Jun 26 2005, 05:58 AM
hxxp://sss.deny.de/

rolleyes.gif
smith_john
Jun 26 2005, 08:16 AM
well brutus ****it is the best******
Warlord_David
Jun 27 2005, 04:48 PM
CForce is good, Form@ is also cool. and the program Caecus for OCR's are nice also smile.gif
Tec
Jun 27 2005, 05:25 PM
When I needed to brute force a web-login system (successfully) I wrote a program that connected to the server, sent the correct headers, replacing the password for each entry in a dictionary file. Then, it recieved the feedback and analyzed it to see if the attempt was successful or failed.
uname-a
Jun 27 2005, 10:14 PM
Use Access Driver, it's pretty good one,it's mainly designed for http basic auth attacks, but has so much more.
If you cannot find it, contact me on governmentsecurity irc server, my nickname on it is uname-a, i'll be pleased to send it to you.
whiskah
Jun 28 2005, 12:18 AM

/edit
oops sorry, link was already posted..
SyS49152
Jun 28 2005, 12:42 AM
QUOTE(Warlord_David @ Jun 27 2005, 04:48 PM)
CForce is good, Form@ is also cool. and the program Caecus for OCR's are nice also smile.gif
*



any link ?
thx
whiskah
Jun 28 2005, 02:57 AM
[quote]
any link ?
thx

[/quote
caecus..dunnno abt cforce
http://sentinel.securibox.net/Caecus.php
SyS49152
Jun 28 2005, 11:46 AM
[/quote
caecus..dunnno abt cforce
http://sentinel.securibox.net/Caecus.php
*

[/quote]

very nice tool ..
but I don't need the ocr by now ..
It seems that this cforce is the tool of the moment in this field ..
Vermillion
Aug 6 2005, 02:23 AM
WWWhack and Access driver there the best for what i think

you can download them here

http://solitare.e2u.cc

the WWWhack has the regestration code in the zip
and access driver is free

check it out
skydance
Aug 6 2005, 01:48 PM
hate to ask this but can anyone post a link to cforce or upload it here, i cant find it.... blink.gif thanx
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2005 Invision Power Services, Inc.