Pages: [1]

Author Topic: Best Way To Hack HTTP Auth?  (Read 860 times)

0 Members and 2 Guests are viewing this topic.

Offline theotheo36

  • /dev/null
  • *
  • Posts: 5
  • Cookies: -2
    • View Profile
Best Way To Hack HTTP Auth?
« on: September 21, 2015, 10:15:51 pm »
I was wondering what the best way is to hack HTTP auth. Most tutorials show you how to use a dictionary attack or brute force. I don't want to use either of those and was wondering if there are any vulnerabilities in HTTP auth that would help me?
Report to moderator   Logged

Offline blindfuzzy

  • VIP
  • Peasant
  • *
  • Posts: 86
  • Cookies: 34
    • View Profile
Re: Best Way To Hack HTTP Auth?
« Reply #1 on: September 21, 2015, 10:52:03 pm »
Quote from: theotheo36 on September 21, 2015, 10:15:51 pm
I was wondering what the best way is to hack HTTP auth. Most tutorials show you how to use a dictionary attack or brute force. I don't want to use either of those and was wondering if there are any vulnerabilities in HTTP auth that would help me?

Have you done any research on this yet?
Report to moderator   Logged

Offline theotheo36

  • /dev/null
  • *
  • Posts: 5
  • Cookies: -2
    • View Profile
Re: Best Way To Hack HTTP Auth?
« Reply #2 on: September 21, 2015, 11:02:47 pm »
@blindfuzzy I have and all the things I have found are brute force/dictionary attack.
Report to moderator   Logged

Offline proxx

  • Avatarception
  • Global Moderator
  • Titan
  • *
  • Posts: 2803
  • Cookies: 256
  • ФФФ
    • View Profile
Re: Best Way To Hack HTTP Auth?
« Reply #3 on: September 21, 2015, 11:17:44 pm »
Quote from: theotheo36 on September 21, 2015, 11:02:47 pm
@blindfuzzy I have and all the things I have found are brute force/dictionary attack.
You might want to learn about fuzzers, this introduces a whole lot more to learn ,thats a good thing.
« Last Edit: September 21, 2015, 11:18:09 pm by proxx »
Report to moderator   Logged
Wtf where you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage

Offline .goethe

  • /dev/null
  • *
  • Posts: 8
  • Cookies: 2
  • /dev/null
    • View Profile
Re: Best Way To Hack HTTP Auth?
« Reply #4 on: September 22, 2015, 05:36:54 pm »
there are no vulnerablities in HTTP auth bcause it requests a client-based (browser) connection to the server.

all you can do is to try a bruteforce attack (mostly easy bcause you have infinite trials; hydra in combination with rockyou.txt may help) or fetch the header of a logged in user (username and password is base64 encoded).
« Last Edit: September 22, 2015, 05:38:10 pm by .goethe »
Report to moderator   Logged

Offline M1lak0

  • Peasant
  • *
  • Posts: 129
  • Cookies: 10
    • View Profile
Re: Best Way To Hack HTTP Auth?
« Reply #5 on: September 23, 2015, 08:17:24 am »
I don't think you made a good effort to search about it. The answer exist in our forum itself. I made a comment with a possible bypass of HTTP basic auth. Have a look:

https://evilzone.org/hacking-and-security/http-1-1-basic-authentication-bypass-possible/msg105223/#msg105223

This is one of the way though not always working but depends on how it is configured.
There is no best way except your brains and no specific method, it very on every web application.

Cheeerrzzz!!
Report to moderator   Logged
"Security is just an illusion"
Pages: [1]