Ethical Hacking and Penetration Testing Guide
Yüklə 22,44 Mb. Pdf görüntüsü
|
- Bu səhifədəki naviqasiya:
- Brute Force Attack
- Attacking HTTP Basic Auth
- Further Reading
|
Brute Force Attack
To launch a brute force attack, we need to make a slight change in the “Payloads” tab. We will change the payload type to “Brute forcer”. We will make modifications to the charset and length depending upon the requirement; as you increase the max length, the total number of permuta- tions would increase. So in this, we would use the lower alphanumeric charset, which would contain all the letters and numbers from 0 to 9, and we would set the minimum and maximum length to 4 . You may increase it if you want. Note : Please note that brute force attacks are pretty slow, and most of the time you would not be performing them in a penetration test, as they can take a significant amount of time and resources if you are brute forcing a complex password. Web Hacking ◾ 323 That’s pretty much it; from the “Intruder” tab, you would click on “Start Attack,” and it would try all possible combinations of alphanumeric charset up to a maximum character length of 4. Attacking HTTP Basic Auth The method for attacking an HTTP basic authentication would be different, since we need to send a base64-encoded payload, which the server could decode and compare with the .htpasswd file. 324 ◾ Ethical Hacking and Penetration Testing Guide Also, the username and the password that would be encoded and sent to the server should be separated by colon for our attack to work. Step 1 —We will start by intercepting the authentication, and then send it to burp intruder. Step 2 —Again, by default, burp intruder would pinpoint the possible positions to be brute- forced; however, we are interested in attacking only the authorization header that would be sent to the server, so we would click the “Add” button to lock the position. Web Hacking ◾ 325 Step 3 —The next step would be to define the usernames that would be used to brute force. We would choose the payload type to custom iterator so we can add our separator and add the usernames that we want to test. Also, in the “Separator for Position 1,” we will add a colon. Step 4 —Next, we would need to select the password that we are testing the usernames against; for that, we select number “2” from the drop-down menu holding the name “positions.” 326 ◾ Ethical Hacking and Penetration Testing Guide Step 5 —Finally, we need to encode our payload with base64 encoding, for which we need to define a rule under the “Payload Processing” tab. To add a rule, select rule type to “Encode” and encoding type to “Base64-encode.” That’s all you need to do for attacking http basic authentication. Further Reading ◾ http://www.symantec.com/connect/blogs/top-500-worst-passwords-all-time. ◾ http://portswigger.net/burp/help/intruder_positions.html. Yüklə 22,44 Mb. Dostları ilə paylaş:
|