EvilZone

: bruteforce a website
: fettmaker December 09, 2014, 04:36:51 AM
Hello guys

Is this page vulnerable to a brute force attack?: https://reg.upc-cablecom.ch/register-webapp/register.portal?_nfpb=true&_windowLabel=login_content&login_content_actionOverride=%2Fportlets%2Flogin%2FbeginRegistrationStep1&login_contentbegin_reg_type=forgetemailpwd&csp_lang=en

I'm a noob, and I have tried for quite a while to bruteforce it with Kali's hydra, but in vain.
Here is my code:
   hydra -l Test -P /root/upc reg.upc-cablecom.ch http-post-form "/register-webapp/register.portal;JSESSIONID_SCP=Lw0HJFJGJLGJL12TScqDvJMhQdbnbdGW3w7Vrt6KRgSvmxQ5zZNh!518791670?_nfpb=true&_windowLabel=login_content&login_content_actionOverride=%2Fportlets%2Flogin%2FvalidateCustomer.php:login_content{actionForm.lastname}=^USER^&login_content{actionForm.customerNumber}=^PASS^:ungültige Kundennummer"

And here is the error: bash: !518791670: event not found

I used Burp Suite to capture, and also used the HTML page for any other information.

Please help
: Re: bruteforce a website
: madf0x December 09, 2014, 05:50:02 AM
Ugh, okay. Not gunna yell at you for being a newb who doesn't know how to ask the right questions and I'm not even gunna bother delving into your problem to spoon feed you your answer.

What I will give you is some general advice. For starters, no one likes to do homework for you. Yeah, this isn't literally homework, but you get what I mean. The biggest thing you should learn is that you should NEVER try something in the wild you don't first understand. I don't care what your ethics or motives are, if you are trying something new in the wild you are risking shooting yourself in the foot. I will fully admit to this mistake in the past and so can a lot of people. Those people got lucky just like I got lucky. I look back at the dumb stuff I tried and say wow, I would have chewed my ass a new one if I saw someone doing that. That's basically what you're doing right now. You don't seem to understand how hydra works, or even what you are really trying to bruteforce. Bruteforce is a pretty simple concept and likely there are tons of other things you don't know that you are doing/not doing that can screw yourself over. I don't care what your objective is but I recommend stopping immediately. Take a deep breath and take a few steps backwards. Look at the basics, even more basic than bruteforcing a form, and set up your own test lab. There are tons of guides out there and setups to freely set up your own test environment to practice all sorts of techniques from Metasploit, SQL injection, bruteforce, all the way up to ROP-based exploits on 64-bit architectures. Start with those, break into them and understand what you are really doing.

You'll thank me later when down the road you look back at this and say 'wow, I could've shot myself in the foot and pleading with big buba right now'
: Re: bruteforce a website
: RedBullAddicted December 09, 2014, 07:19:20 AM
mhm.. good reply madf0x. You maybe want to save it cause you will get a lot of chances to re-post that :P
@OP: take his advice.. it's the best one you can get!
: Re: bruteforce a website
: Spacecow December 09, 2014, 08:06:36 AM
This post made me lol :P
I wonder what the problem could be. Damn programmers, if they had only included some sort of error message.  :'(
: Re: bruteforce a website
: ip3rt3ck December 10, 2014, 06:30:06 AM
Dude, this is funny: you just jumped on a website and you are trying to B_F the site.... Damn, I could bet you didn't do any recon******* and you clearly don't know what you are doing; I say take madf0x's advice, and I will also advise you to take this shit step by step! A drop of water makes an ocean: learn from the bottom to the top. For example, try to pick up books about webserver architecture etc. and get some knowledge, dude. And you need to understand what you are doing before you do it. Damn, u just broke my heart and I'm gonna go hang myself hehehe!
: Re: bruteforce a website
: HTH December 10, 2014, 06:34:46 AM
Hello guys

Is this page vulnerable to a brute force attack?: https://reg.upc-cablecom.ch/register-webapp/register.portal?_nfpb=true&_windowLabel=login_content&login_content_actionOverride=%2Fportlets%2Flogin%2FbeginRegistrationStep1&login_contentbegin_reg_type=forgetemailpwd&csp_lang=en

I'm a noob, and I have tried for quite a while to bruteforce it with Kali's hydra, but in vain.
Here is my code:
   hydra -l Test -P /root/upc reg.upc-cablecom.ch http-post-form "/register-webapp/register.portal;JSESSIONID_SCP=Lw0HJFJGJLGJL12TScqDvJMhQdbnbdGW3w7Vrt6KRgSvmxQ5zZNh!518791670?_nfpb=true&_windowLabel=login_content&login_content_actionOverride=%2Fportlets%2Flogin%2FvalidateCustomer.php:login_content{actionForm.lastname}=^USER^&login_content{actionForm.customerNumber}=^PASS^:ungültige Kundennummer"

And here is the error: bash: !518791670: event not found

I used Burp Suite to capture, and also used the HTML page for any other information.

Please help


Young one. In order to become one with a computer you must listen to what she tells you, and respond in turn. I have highlighted your error but I will help you no more.
[/sarcastic-sensei]


Dude, read the fucking error. I highlighted it out of pity.
[/real-hth]

: Re: bruteforce a website
: silenthunder December 10, 2014, 07:19:28 AM
Can I just-...

LMAO!

I mean, awesome post by madf0x, and I love the sarcasm by HTH. But, I didn't even take a step into programming...played with a python tut for a day, dropped it...signed up for programming in college, just stopped going to class after the first week, didn't retain a thing... haven't even played with computers in over a year, and I still caught the error.
: Re: bruteforce a website
: proxx December 10, 2014, 07:37:18 AM
Locked.
Not going anywhere, nice flaming.