From: aRt dE vIvRe (bishan4u@yahoo.co.uk)
Date: Mon Feb 02 2004 - 09:52:46 EST
hi,
we are conducting a PT for a website. In order to password crack the
login/password form authentication (which happens to be squirrelmail,
written in php, looks similar to the login page of yahoo or msn) I was
looking for some tools.
I came across Hydra and Brutus. When I tried Brutus on an inhouse dummy
site, after configuring the parameters the target would automatically
become <target>redirect.php. I googled but couldnot find a solution to it.
Then I tried hydra at with following command:
# hydra -l smg -p we2su 192.168.0.3 http /webmail/src/login.php
it resulted as:
[80][www] host: 192.168.0.2 login: smg password: we2su
which is a wrong result since I had given the wrong password.
I get the same result for valid or invalid passwords.
Am I doing anything wrong?
Is there any other tool which does what I'm looking for?
Pls. help me with this :)
Regards,
B'shan
---------------------------------------------------------------------------
----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:47 EDT