View Full Version : ethical hacking question


cunning-fox
09-27-2003, 12:53 AM
Hi,

I've got a webpage with a form on it that has a field for "password" only. It connects with my cgi script. Just for fun, I'd like to hack it with brute force. The passwords are randomly generated in a combination of 0-9 & A-Z. I want to hack it from the outside, just as someone would do to my website.

Can anyone provide a free software recommendation or give me instructions on how to do it another way? I tried using "brutus", but it is far from functional. I'm not familiar with hacking terminology, so any advice in good detail would be most appreciated.

thanks

oracleguy
09-27-2003, 01:25 AM
If you are submitting the data via post, get or write a program that will send that data in an HTTP request. That'd be the fastest way, and depending on how good a password you have, it could take quite a long time to break.

krycek
09-27-2003, 03:00 PM
Sounds dodgy to me :p

There are programs around such as "Munga Bunga's Brute Forcer" (I think that's right?) which do... um, something like that anyway! - however you don't actually NEED to hack your password, and I would recommend you do not.

All you need to do is work out how complex your password is.

You say that it uses A-Z and 0-9, which gives 36 possible valid characters. You do not say the length.

Therefore, you can do nPr formulae (permutations, rather than nCr combinations, because you can repeat the characters). This will give you the number of passwords available to you.

Then it's simply a matter of figuring out how long that would take.

Usually, people only actually try to hack in this method when it is someone else's system. There is never normally a reason to do this kind of thing to your own system.

Finally, I'll point out that any decent system will make an effort to deny further attempts from that user for x minutes, after n wrong attempts.

::] krycek [::
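
The estimate and the lockout rule described in the post above, as an added example that is not part of the original thread: it counts the passwords for a 36-character alphabet, implements a "deny for x minutes after n wrong attempts" limiter, and shows how much that limiter stretches the worst-case time to try every password. The names, the 5-attempt / 600-second policy, the 0.1 seconds per request and the client address are assumptions chosen for illustration.

```python
import math

ALPHABET = 36  # A-Z plus 0-9, as stated in the thread

def keyspace(length, alphabet=ALPHABET):
    """Passwords of exactly `length` characters, repeats allowed."""
    return alphabet ** length

class LockoutLimiter:
    """Deny a client for lock_seconds after max_failures consecutive wrong attempts."""
    def __init__(self, max_failures, lock_seconds):
        self.max_failures = max_failures
        self.lock_seconds = lock_seconds
        self.failures = {}       # client -> consecutive wrong attempts
        self.locked_until = {}   # client -> time at which the lock expires

    def allowed(self, client, now):
        return now >= self.locked_until.get(client, 0.0)

    def record(self, client, success, now):
        count = 0 if success else self.failures.get(client, 0) + 1
        if count >= self.max_failures:
            self.locked_until[client] = now + self.lock_seconds
            count = 0
        self.failures[client] = count

def worst_case_seconds(total, seconds_per_try, limiter=None):
    """Closed form: time for one client to submit `total` guesses."""
    if limiter is None:
        return total * seconds_per_try
    # one lock after every full batch of failures, none after the last batch
    locks = max(0, math.ceil(total / limiter.max_failures) - 1)
    return total * seconds_per_try + locks * limiter.lock_seconds

def simulate(total, seconds_per_try, limiter, client="203.0.113.7"):
    """Drive the limiter with a virtual clock to cross-check the closed form."""
    now = 0.0
    for i in range(total):
        if not limiter.allowed(client, now):
            now = limiter.locked_until[client]   # wait out the lock
        now += seconds_per_try
        limiter.record(client, success=(i == total - 1), now=now)
    return now

if __name__ == "__main__":
    policy = LockoutLimiter(max_failures=5, lock_seconds=600)  # assumed n and x
    for length in (4, 6, 8):
        n = keyspace(length)
        print(length, n, worst_case_seconds(n, 0.1) / 86400,      # days, no lockout
              worst_case_seconds(n, 0.1, policy) / 86400)         # days, with lockout
```

The limiter here keys on a single client identifier, so the figures describe one source; they say nothing about guesses spread across many sources.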

Mhtml
09-30-2003, 09:00 AM
Originally posted by krycek
Sounds dodgy to me :p
Hehe, dodgy eh? You seem to know a bit about it ;) Guess that sort of thing only comes with experience lol.

krycek
10-17-2003, 04:40 PM
;)

::] krycek [::