I need help about using Brutus to hack websites. I tried hacking in an unsecured website,I typed in username "Michael" then almost in a second it hacked in and said the password was 777777 or 123456789 etc, its all nonsense, no one uses a password like this, When I try once more it crashes. There's also one more problem, the attack status isn't very clear. At that time my preferences were:
Target: I dont set it cuz i use form http; Type: HTTP (Form)
Modify Sequence:
Target form: http://justbasic.conforums.com/index.cgi?action=login
I used learn form settings and selected the username and pass cookie, then I clicked ok
Port = 80
connection = 60 ; timeout = 60
Target: http://justbasic.conforums.com/index.cgi?action=login
no proxy
method - POST; Keep alive ; Fake cookies ; encode
use username, single user = (The user)
World List(Dictionary attack), i have a word list containing 165533 passwords
when i clicked start it in almost in a second it cracked and said the password was "a1b2c3d4e6". I tried again AND IT CRASHED!! . I'm using windows 7 ultimate and the attack status bar that shows the time left and all is not visible.
How to use it, i don't know, I've also tried POP3 to crack yahoo (pop3.yahoo.com) but it said "Unable to verify target pop3.yahoo.com", HOW TO USE THIS TOOL!!!, I need help guys anyone who knows please tell me.
-n00b hacker and script kiddie
Using brutus to hack websites???
- ScHacker23
- Apprentice
- Posts:42
- Joined:Sun Apr 07, 2013 12:37 am [phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1275: count(): Parameter must be an array or an object that implements Countable
- Cool_Fire
- Not a sandwich
- Posts:1913
- Joined:Fri May 09, 2003 1:20 pm
- Location:41 6d 73 74 65 72 64 61 6d
- Contact:
Re: Using brutus to hack websites???
People really do. But that's not the point.ScHacker23 wrote:and said the password was 777777 or 123456789 etc, its all nonsense, no one uses a password like this
This specific form has a hidden field that you need to submit along. I'm not so sure brutus does that.ScHacker23 wrote:Target form: http://justbasic.conforums.com/index.cgi?action=login
It may well be purposely giving you false positives as a method to ward of brute force attempts when this field is not submitted. Besides that there's a lot of javascript on the page. I don't know for a fact if any of it will hinder the login process, but I do know for a fact Brutus does not process javascript. So if it is part of the login process, it'll never work in Brutus.
Also, did you set proper values for the responses Brutus should expect? I don't see anything about you modifying those in the settings you mentioned. (If I remember right they're called primary and secondary response in the form settings.)
Never had this problem myself so I can't say for sure why it's happening. Download a fresh copy of Brutus or try it on a different PC.ScHacker23 wrote:when i clicked start it in almost in a second it cracked and said the password was "a1b2c3d4e6". I tried again AND IT CRASHED!!
Almost all POP servers these days have throttling to defuse brute force attempts. I know for a fact Yahoo's do. Practically this means it'll take you several lifetimes if you'd want to brute force even one account.ScHacker23 wrote:I've also tried POP3 to crack yahoo (pop3.yahoo.com) but it said "Unable to verify target pop3.yahoo.com"
Since Brutus is quite old it's also entirely possible it's just not compatible anymore with some more modern POP3 servers. Yahoo may even require SSL these days.
Also it's probably worth mentioning that yahoo's pop server is pop.mail.yahoo.com, not pop3.yahoo.com.
This page explains it about as well as you're likely to find.ScHacker23 wrote:HOW TO USE THIS TOOL!!!, I need help guys anyone who knows please tell me.
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.
Hackerthreads chat, where the party is going 24/7.
- ScHacker23
- Apprentice
- Posts:42
- Joined:Sun Apr 07, 2013 12:37 am [phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1275: count(): Parameter must be an array or an object that implements Countable
Re: Using brutus to hack websites???
Thank you very much for your attention! I tried 'pop.mail.yahoo.com' and it works perfect. I downloaded a packet sniffer to make sure that Brutus is working, I think I will certainly hack in few days.
Thanks!
Thanks!
You may stop this individual, but you can't stop us all... after all, we're all alike.
-
- Strike 2
- Posts:8
- Joined:Fri Oct 12, 2012 12:04 am [phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1275: count(): Parameter must be an array or an object that implements Countable
Re: Using brutus to hack websites???
Brutus is just a step by step hacker tool. I don’t trust it as well. I mean, it says so much like brute force break up techniques, but, all that it does is a social and ethical hacking. I just don’t believe this.
-----------------------------
BLACK FLOYD
-----------------------------
-----------------------------
BLACK FLOYD
-----------------------------
-
- n00b
- Posts:1
- Joined:Wed Feb 23, 2022 7:59 am [phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1275: count(): Parameter must be an array or an object that implements Countable
Re: Using brutus to hack websites???
hello. Is it possible to hack https account using brutus? or just http?
- Cool_Fire
- Not a sandwich
- Posts:1913
- Joined:Fri May 09, 2003 1:20 pm
- Location:41 6d 73 74 65 72 64 61 6d
- Contact:
Re: Using brutus to hack websites???
Brutus can do https, but since it's not been updated in over two decades there's a good chance you'll have problems with supported versions and ciphers. If you want to do a brute force attack against an https site you're better off using a maintained tool like thc hydra or OWASP ZAP.
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.
Hackerthreads chat, where the party is going 24/7.