Brute/dictionary password breaking

[Terrorizer]

Hello,]I have an account but i don't know my password.It is a login form in microsoft sharepoint website.I am trying to use hydra tool but it doesnt work correctly. I have problems with defining the hydra attack command and the succes or fail parameters.I have been trying to do this for a week, but sleepless nights do not help me at all. The code looks like this below:hydra -l userlogin -P passwords.txt 123.123.123.123 http-form-post "/index.php:userinput=^USER^&passwordinput=^PASS^:password is wrong"It gives me a message that all the passwords are correct... Any ideas?

[Syntax990]

Hello,]I have an account but i don't know my password.It is a login form in microsoft sharepoint website.I am trying to use hydra tool but it doesnt work correctly. I have problems with defining the hydra attack command and the succes or fail parameters.I have been trying to do this for a week, but sleepless nights do not help me at all. The code looks like this below:hydra -l userlogin -P passwords.txt 123.123.123.123 http-form-post "/index.php:userinput=^USER^&passwordinput=^PASS^:password is wrong"It gives me a message that all the passwords are correct... Any ideas?

Please use default fonts. The fancy stuff is for where it is necessary and it makes the forum look like total shit.

Firstly, your whole idea is flawed. If you have forgotten your password, you can simply ask them to restore your account with a new password. Why on earth would you crack your own password?

Secondly, If you try cracking a Microsoft account, they don't care if it's yours or not, you are attacking them.

Lastly, dictionary attacks and brute force attacks wont work on a company like Microsoft. If you could just hydra into any Microsoft account then they'd be a bit fucked. Systems are put into place to stop these kinds of attacks.

[Terrorizer]

Sorry for the font, i copied this thread from my notepad xD
I am not trying to break microsoft. I have a website which is based on microsoft sharepoint 2010.
I am one of the creators of the website so im not any kind of black hat guy. I am testing the brute force technologies and thats all.
I have a login, and dont have password. Could you please provide me with some information how to make this work?

[Kulverstukas]

At first you say you don't know the password, and later you say you are testing the website... so which is it?

[Terrorizer]

Does it even matter, I have even posted a fake ip and fake input names so
I am just testing it, tried to explain it on a real situation, do you really want to hear the whole story that i am testing whole bunch of penetrations on my own phone, laptop, router etc xD?
Yes, I stopped on the brute force attacks, they seem to be imposible for me. I didnt secure this website in any way against brute force but i cant configure the hydra or any other tool

[Syntax990]

Have you ever signed up to HF? If not then do that now.

[Terrorizer]

I have even no idea what that is sir

[Killeramor]

Wow this topic made my 10 IQ go down to 1.

[Terrorizer]

Well, is anything wrong about it? I just have no idea how to configure that hydra tool even though i watched all the tutorials and stuff from the whole net

[Syntax990]

Well, is anything wrong about it? I just have no idea how to configure that hydra tool even though i watched all the tutorials and stuff from the whole net

Is anything wrong with it?

• Silly fonts
• Lies
• Lack of Googling
• Cookie theif

[Terrorizer]

What the hell are you even talking about?
I didnt change the font, i just wrote the question in notepad and copied here. It looks even the same as the standard forum one.
I didn't lie about anything. I can provide the actual addresses of my website i am trying to break.
I am googling it since a week, I'm doing it night and day and i have tried every possible thing so far that you can find in google... I was adding cookies to the hydra etc.
And your last point, what does that even mean?

[Syntax990]

Click here

[d0rkbLiTz]

Hello,]I have an account but i don't know my password.It is a login form in microsoft sharepoint website.I am trying to use hydra tool but it doesnt work correctly. I have problems with defining the hydra attack command and the succes or fail parameters.I have been trying to do this for a week, but sleepless nights do not help me at all. The code looks like this below:hydra -l userlogin -P passwords.txt 123.123.123.123 http-form-post "/index.php:userinput=^USER^&passwordinput=^PASS^:password is wrong"It gives me a message that all the passwords are correct... Any ideas?

I'm not sure if you done these steps yet. But you should use HTTPFox to test valid and invalid logins. Look at the "headers" and "cookies". Look for "failure" and "success" keywords. Check to see if your site is HTTP GET or HTTP POST. Please read what syntax990 posted.