Home > Others

Use Burpsuite to blast a weak password. Faculty number

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

use Burpsuite to blast a weak password. Faculty numberPosted in 2015-11-18 |   Categories in Burpsuite |   1 Reviews | 26 readsPrepare

So-called 工欲善其事, its prerequisite, the first of course is to download a burpsuite, you can baidu,google find a cracked version of, of course, you can also use the Kali system comes with, but the Kali system comes with a thread limit, only allow single-threaded, so or to find a cracked version of it!
It is important to note that Burpsuite is written in Java, so learn to run the Java environment, just as Sqlmap needs a Python runtime environment.

Process
  • Website Login Interface

    School network authentication interface automatically jump 10.255.200.1 , from the login interface can be seen, do not need to fill out the verification code, no login IP restrictions, the explanation can be unlimited blasting, yes!
  • Browser configuration
    Use the browser plug-in or Internet options to set the proxy
    ip:127.0.0.1 端口:8080
  • Burpsuite Configuration
    Double-click Burploader.jar under Windows, the default listening port is 8080, or you can change it yourself
    It's important to note that we need a lot of blasting here, so we need to shut down both the request and the response.
    Proxy->Options
    Intercept Client requests and Intercept Server requests are checked for cancellation
  • Grab first package
    After the basic configuration is complete, we're going to start grabbing a package.
  • start blasting
    View the crawled package in Burpsuite, right-click on the Send to intruder

    Modify the parameters to explode, and note that the mode changes to battering ram

    Set your payload, also can be said to be a dictionary, after a lot of staff number of the comparison, the basic staff number format is
    year + (/100/200/300) + (000~999)   For example + + +
    Of course excluding the other English letters of the Community Student Union computer room and so on account
  • Filter results
    Sort the ' length ' field on the result of the blast, and you can see that some of the returned bytes are not the same length
End

Verify the filtered results, and be careful!在网址为10.255.200.1的登录页面中验证

最后的最后,本次只用于测试学习,对任何他人造成的危害行为概不负责,要本着学习的态度

Original link: http://blog.alpace.xyz/2015/11/18/20151118/

Use Burpsuite to blast a weak password. Faculty number

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
how to use lastpass to generate password how to use peoples wifi without password how to use random number generator how to pick up weak wifi signal how to fix weak wifi signal vmware blast cookie blast

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More