From: L. Walker (lwalker@magi.net.au)
Date: Wed May 18 2005 - 11:10:40 EDT
On Wed, 2005-05-18 at 14:05 +0200, Ølstad, Roger wrote:
> Hi!
>
> I have this web-based service/directory which offers users access through a username/password-authentication process. I am wondering what if some of the usernames are compromised, and I actually don't want to change the username? Are there any tools able to run some kind of bruteforce-attack or something, against my web-authentication? Other alternatives? Do I really have to consider my whole system as compromised just because a username may be lost?
>
> In addition, does anyone know of any tool that can help me audit the web-server regarding to passwordpolicy, passwordstrength etc.
>
> I appreciate all relevant answers :-)
>
> Very best
>
> R
There are a couple of HTTP Basic auth bruteforce products out there,
THC's Hydra being one of my favourites. You can find this product @
http://www.thc.org
Brutus is another product off the top of my head, but I tend to be
biased and say Hydra :)
-- L. Walker Administrator / Consultant -- Security-focused Linux and Windows based administration services http://magi.net.au - Development blog for *nix users and hosting groups --
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:21 EDT