PDA

View Full Version : bruteforce_http-login_with_metasploit



zimmaro
06-03-2011, 10:15 AM
hello guys!
in this video (nothing exceptional) I was inspired by the documentation of metsploit / auxiliary / scanner! there is no sound because my old pc crashes with music! if you want to watch it:
http://vimeo.com/24605219.
thanks a lot!:p

qweyzar
07-23-2011, 02:27 AM
Hi great video. I have a question though. When I tried to bruteforce my own routers login I got this error:

192.168.1.1:80 "No URI found that asks for HTTP authentication"

I know for a fact I login to my router through http so what might be the problem here? Thanks.

zimmaro
07-24-2011, 03:39 PM
hi,
what "AUTH_URI " do you set? default is automatic!
look the options: & good luck bye :)
msf > use auxiliary/scanner/http/http_login
msf auxiliary(http_login) > show options

Module options (auxiliary/scanner/http/http_login):

Name Current Setting Required Description
---- --------------- -------- -----------
AUTH_URI no The URI to authenticate against (default:auto)
BLANK_PASSWORDS true yes Try blank passwords for all users
BRUTEFORCE_SPEED 5 yes How fast to bruteforce, from 0 to 5
PASSWORD no A specific password to authenticate with
PASS_FILE /opt/metasploit3/msf3/data/wordlists/http_default_pass.txt no File containing passwords, one per line
Proxies no Use a proxy chain
RHOSTS yes The target address range or CIDR identifier
RPORT 80 yes The target port
STOP_ON_SUCCESS false yes Stop guessing when a credential works for a host
THREADS 1 yes The number of concurrent threads
USERNAME no A specific username to authenticate as
USERPASS_FILE /opt/metasploit3/msf3/data/wordlists/http_default_userpass.txt no File containing users and passwords separated by space, one pair per line
USER_FILE /opt/metasploit3/msf3/data/wordlists/http_default_users.txt no File containing users, one per line
UserAgent Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) yes The HTTP User-Agent sent in the request
VERBOSE true yes Whether to print output for all attempts
VHOST no HTTP server virtual host

qweyzar
08-13-2011, 11:00 PM
Since i'm attacking my own router I would put http://192.168.1.1/ as the URI option?

That would be the routers URI, I think.

zimmaro
08-15-2011, 04:55 PM
hi
sorry I did not realize that forces access to routers!
from what little I know I've never done a bruteforce a router with metasploit_http_login! I would use hydra or medusa!
the tests I did were mysql access platform:
xmapp(work fine) and wordpress(work fine to!), etc! Sorry ... and bye:)

zimmaro
08-15-2011, 09:44 PM
hi
EXCUSE I wanted to say that I tested ausiliary / scanners / http / http_login of using XAMPP have authentication of apache server. If you are trying to use
WORDPRESS use: ausiliary / scanners / http / wordpress_login_enum ....should use a platform in mysql(now i'dont remember...)bye:)sorry my language!

ramkicse
08-24-2011, 10:44 AM
i seen the video its very good... when i goto practical session

when set USER_FILE and PASS_FILE to /root/Desktop/user.txt and /root/Desktop/pass.txt respectively. and this files are empty.. Is it correct?
and i set RHOSTS, AND AUTH_URI.

when hit run command
its not works like brute force... its only try 5 user and password and its says that completed .

i want to run brute force(all possible combination) .. please help to provide set by step


thanks

by ramki

zimmaro
08-25-2011, 04:51 PM
ramkicse hi,
You need to create the "dictionaries" user.txt & password.txt as you want!!!!
the greater the amount of "user-line" & "passwd line" the more you increase the number of "probability" of success! Remember to put the RIGHT-ONE! in your"create dictionary". + Large and "targeted" the dictionaries = + number of combinations = a long time of analysis.bye :)