Author Topic: bruteforce a website  (Read 1011 times)

0 Members and 1 Guest are viewing this topic.

Offline fettmaker

  • NULL
  • Posts: 1
  • Cookies: 0
    • View Profile
bruteforce a website
« on: December 09, 2014, 04:36:51 am »
Hello guys

Is this page  vulnerable for brute force atack?: https://reg.upc-cablecom.ch/register-webapp/register.portal?_nfpb=true&_windowLabel=login_content&login_content_actionOverride=%2Fportlets%2Flogin%2FbeginRegistrationStep1&login_contentbegin_reg_type=forgetemailpwd&csp_lang=en

Im a noob, and i try quite a while to bruteforce it with kalis hydra. But  in vain.
here is my code:
   hydra -l Test -P /root/upc reg.upc-cablecom.ch http-post-form "/register-webapp/register.portal;JSESSIONID_SCP=Lw0HJFJGJLGJL12TScqDvJMhQdbnbdGW3w7Vrt6KRgSvmxQ5zZNh!518791670?_nfpb=true&_windowLabel=login_content&login_content_actionOverride=%2Fportlets%2Flogin%2FvalidateCustomer.php:login_content{actionForm.lastname}=^USER^&login_content{actionForm.customerNumber}=^PASS^:ungültige Kundennummer"

and here the eroor: bash: !518791670: event not found

I used burpsuite to capture and used also html page for any other informations

please help
« Last Edit: December 09, 2014, 04:40:38 am by fettmaker »

Offline madf0x

  • Knight
  • **
  • Posts: 172
  • Cookies: 50
    • View Profile
Re: bruteforce a website
« Reply #1 on: December 09, 2014, 05:50:02 am »
Ugh, okay. Not gunna yell at you for being a newb who doesn't know how to ask the right questions and I'm not even gunna bother delving into your problem to spoon feed you your answer.

What I will give you is some general advice. For starters, no one likes to do homework for you. Yeah this isn't literally homework but you get what I mean. The biggest thing you should learn is that you should NEVER try something in the wild you don't first understand. I dont care what your ethics or motives are, if you are trying something new in the wild you are risking shooting yourself in the foot. I will fully admit to this mistake in the past and so can a lot of people. Those people got lucky just like I got lucky. I look back at the dumb stuff I tried and say wow, I would have chewed my ass a new one if I saw someone doing that. Thats basically what youre doing right now. You don't seem to understand how hydra works, or even what you are really trying to bruteforce. Bruteforce is a pretty simple concept and likely there are tons of other things you dont know that you are doing/not doing that can screw yourself over. I dont care what your objective is but I recommend stopping immediately. Take a deep breath and take a few steps backwards. Look at the basics, even more basic than bruteforcing a form, and setup your own test lab. There are tons of guides out there and setups to freely setup your own test environment to practice all sorts of techniques from metasploit,sql injection, bruteforce, all the way up to rop based exploits on 64 bit architectures. Start with those, break into them and understand what you are really doing.

You'll thank me later when down the road you look back at this and say 'wow, I couldve shot myself in the foot and pleading with big buba right now'

Offline RedBullAddicted

  • Moderator
  • Sir
  • *
  • Posts: 519
  • Cookies: 189
    • View Profile
Re: bruteforce a website
« Reply #2 on: December 09, 2014, 07:19:20 am »
mhm.. good reply madf0x. You maybe want to save it cause you will get a lot of chances to re-post that :P
@OP: take his advice.. its the best one you can get!
Deep into that darkness peering, long I stood there, wondering, fearing, doubting, dreaming dreams no mortal ever dared to dream before. - Edgar Allan Poe

Spacecow

  • Guest
Re: bruteforce a website
« Reply #3 on: December 09, 2014, 08:06:36 am »
This post made me lol :P
I wounder what the problem could be. Damn programmers, if the had only included some sort of error message.  :'(

Offline ip3rt3ck

  • NULL
  • Posts: 1
  • Cookies: -2
    • View Profile
Re: bruteforce a website
« Reply #4 on: December 10, 2014, 06:30:06 am »
dude this is funny you just jumped on a website and you are trying to B_F the site....damn i could bet  you didn't do any recon******* and you clearly don't know what you are doing; i say take madf0x  advice and i will also advice you to take this shit step by step! a drop of water makes an Ocean learn from the bottom to top example is try to pick up books about webserver architecture etc and get some knowledge dude. And you need to understand what you are doing before you do it. Damn u just broke my heart and i;m gonna go hang my self hehehe!
MMM

Offline HTH

  • Official EZ Slut
  • Administrator
  • Knight
  • *
  • Posts: 395
  • Cookies: 158
  • EZ Titan
    • View Profile
Re: bruteforce a website
« Reply #5 on: December 10, 2014, 06:34:46 am »
Hello guys

Is this page  vulnerable for brute force atack?: https://reg.upc-cablecom.ch/register-webapp/register.portal?_nfpb=true&_windowLabel=login_content&login_content_actionOverride=%2Fportlets%2Flogin%2FbeginRegistrationStep1&login_contentbegin_reg_type=forgetemailpwd&csp_lang=en

Im a noob, and i try quite a while to bruteforce it with kalis hydra. But  in vain.
here is my code:
   hydra -l Test -P /root/upc reg.upc-cablecom.ch http-post-form "/register-webapp/register.portal;JSESSIONID_SCP=Lw0HJFJGJLGJL12TScqDvJMhQdbnbdGW3w7Vrt6KRgSvmxQ5zZNh!518791670?_nfpb=true&_windowLabel=login_content&login_content_actionOverride=%2Fportlets%2Flogin%2FvalidateCustomer.php:login_content{actionForm.lastname}=^USER^&login_content{actionForm.customerNumber}=^PASS^:ungültige Kundennummer"

and here the eroor: bash: !518791670: event not found

I used burpsuite to capture and used also html page for any other informations

please help


Young one. In order to become one with a computer you must listen to what she tells you, and respond in turn. I have highlighted your error but I will help you no more.
[/sarcastic-sensei]


dude read the fucking error. I highlighted it out of pity.
[/real-hth]

<ande> HTH is love, HTH is life
<TurboBorland> hth is the only person on this server I can say would successfully spitefuck peoples women

Offline silenthunder

  • Royal Highness
  • ****
  • Posts: 700
  • Cookies: 23
  • Anpan.
    • View Profile
Re: bruteforce a website
« Reply #6 on: December 10, 2014, 07:19:28 am »
Can I just-...

LMAO!

I mean, awesome post by madfox, and I love the sarcasm by HTH. But, I didn't even take a step into programming...played with a python tut for a day, dropped it...signed up for programming in college, just stopped going to class after the first week, didn't retain a thing... haven't even played with computers in over a year, and I still caught the error.


"Hacking is a lifestyle, a specific mindset, and it really is a lot of work." - Daemon

"Just wanted to state that this is just wicked social engineering at its best." - proxx

Offline proxx

  • Avatarception
  • Global Moderator
  • Titan
  • *
  • Posts: 2803
  • Cookies: 256
  • ФФФ
    • View Profile
Re: bruteforce a website
« Reply #7 on: December 10, 2014, 07:37:18 am »
Locked.
Not going anywhere, nice flaming.
Wtf where you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage