RE: passw0rd trial limit

From: Beauford, Jason (jbeauford@EightInOnePet.com)
Date: Mon Jun 26 2006 - 13:15:46 EDT


Zed Qyves wrote:
> Hello,
>
> I am curious as to how and where is this "5 times login" enforced?
>
> Few implementations I've seen do it client side either with a cookie
> or, even worse, a hidden field. Others do it server side on a session
> table or other, home made structure.
>
> If the first is the case you are in luck. I don't recall any
> bruteforcer tools that actually let you modify the Set-Cookie
> directive so you may have to run it through a personal proxy that
> will auto manipulate this field - WebProxy, if you can still get hold
> of it on the Net since it seems to have disappeared has a RegEx match
> and replace pattern which can come in handy in the above - of course
> the bruteforcer needs to have proxy support. If it is a hidden
> value, well keep requesting with field value 1 and you should be ok.
>
> If server side user session invalid login attempts storage is used
> there is not really anything you can do but try attacking the
> bruteforcing problem in a different approach:
>
> pick the most common password in your opinion - I would say 123456 or
> 654321 - and run it through all the usernames, depending on the size
> of the application users' database you are bound to have some hits.
>
> Hope it helps.
>
> ZQyves

My first thought on this was to try a roundabout approach to get your
hands on the username database and try to crack usernames "offline". Any
chance of that?

jmb
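
Added example, not part of the original thread: a server-side failed-login tracker that takes no counter from a cookie or hidden field, and that also counts distinct usernames failed per source, so one password tried across many accounts is caught as well as repeated guesses at one account. The class name, the per-source limit, the 15-minute window and the sample addresses are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque

class LoginThrottle:
    """Failed-login state kept on the server; the client supplies no counter."""

    def __init__(self, per_user_limit=5, per_source_limit=10, window=900):
        self.per_user_limit = per_user_limit      # the "5 times" rule from the thread
        self.per_source_limit = per_source_limit  # assumed: distinct accounts failed per source
        self.window = window                      # assumed: seconds a failure is remembered
        self._by_user = defaultdict(deque)        # username -> (timestamp, source)
        self._by_source = defaultdict(deque)      # source   -> (timestamp, username)

    def _recent(self, table, key, now):
        # .get() avoids creating state for every name an unauthenticated client sends
        q = table.get(key, deque())
        while q and q[0][0] <= now - self.window:
            q.popleft()
        return q

    def allowed(self, username, source, now=None):
        now = time.time() if now is None else now
        if len(self._recent(self._by_user, username, now)) >= self.per_user_limit:
            return (False, "user_locked")
        # Count distinct usernames, so retries against one account do not block a shared NAT
        names = {name for _, name in self._recent(self._by_source, source, now)}
        if len(names) >= self.per_source_limit:
            return (False, "source_blocked")
        return (True, "ok")

    def record_failure(self, username, source, now=None):
        now = time.time() if now is None else now
        self._by_user[username].append((now, source))
        self._by_source[source].append((now, username))

    def record_success(self, username):
        self._by_user.pop(username, None)

def demo():
    """Constructed sample events; addresses are documentation ranges."""
    t, out = LoginThrottle(), {}
    for i in range(5):                            # five bad guesses at one account
        t.record_failure("alice", "198.51.100.7", now=i)
    out["same_account"] = t.allowed("alice", "198.51.100.7", now=5)
    out["same_account_new_source"] = t.allowed("alice", "203.0.113.9", now=5)
    for i in range(10):                           # one guess each at ten accounts
        t.record_failure(f"user{i}", "192.0.2.44", now=10 + i)
    out["many_accounts"] = t.allowed("user10", "192.0.2.44", now=20)
    out["unrelated_user"] = t.allowed("bob", "203.0.113.9", now=20)
    out["after_window"] = t.allowed("alice", "198.51.100.7", now=905)
    return out
```

The per-source count does not see attempts spread over many sources, so a site-wide alert on the overall failed-login rate is a useful companion check.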




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:10 EDT