Using brutus to hack websites???

A safe place for newbies. You won't get flamed here, as long as you've put in some effort before posting (i.e: Google)...
Post Reply
User avatar
ScHacker23
Apprentice
Posts: 42
Joined: Sun Apr 07, 2013 12:37 am

Using brutus to hack websites???

Post by ScHacker23 » Sun Apr 07, 2013 1:18 am

I need help about using Brutus to hack websites. I tried hacking in an unsecured website,I typed in username "Michael" then almost in a second it hacked in and said the password was 777777 or 123456789 etc, its all nonsense, no one uses a password like this, When I try once more it crashes. There's also one more problem, the attack status isn't very clear. At that time my preferences were:

Target: I dont set it cuz i use form http; Type: HTTP (Form)
Modify Sequence:
Target form: http://justbasic.conforums.com/index.cgi?action=login
I used learn form settings and selected the username and pass cookie, then I clicked ok

Port = 80
connection = 60 ; timeout = 60
Target: http://justbasic.conforums.com/index.cgi?action=login
no proxy
method - POST; Keep alive ; Fake cookies ; encode
use username, single user = (The user)
World List(Dictionary attack), i have a word list containing 165533 passwords

when i clicked start it in almost in a second it cracked and said the password was "a1b2c3d4e6". I tried again AND IT CRASHED!! :evil: . I'm using windows 7 ultimate and the attack status bar that shows the time left and all is not visible.

How to use it, i don't know, I've also tried POP3 to crack yahoo (pop3.yahoo.com) but it said "Unable to verify target pop3.yahoo.com", HOW TO USE THIS TOOL!!!, I need help guys anyone who knows please tell me.

-n00b hacker and script kiddie

User avatar
Cool_Fire
Not a sandwich
Posts: 1912
Joined: Fri May 09, 2003 1:20 pm
Location: 41 6d 73 74 65 72 64 61 6d
Contact:

Re: Using brutus to hack websites???

Post by Cool_Fire » Sun Apr 14, 2013 7:21 am

ScHacker23 wrote:and said the password was 777777 or 123456789 etc, its all nonsense, no one uses a password like this
People really do. But that's not the point.
This specific form has a hidden field that you need to submit along. I'm not so sure brutus does that.
It may well be purposely giving you false positives as a method to ward of brute force attempts when this field is not submitted. Besides that there's a lot of javascript on the page. I don't know for a fact if any of it will hinder the login process, but I do know for a fact Brutus does not process javascript. So if it is part of the login process, it'll never work in Brutus.
Also, did you set proper values for the responses Brutus should expect? I don't see anything about you modifying those in the settings you mentioned. (If I remember right they're called primary and secondary response in the form settings.)
ScHacker23 wrote:when i clicked start it in almost in a second it cracked and said the password was "a1b2c3d4e6". I tried again AND IT CRASHED!!
Never had this problem myself so I can't say for sure why it's happening. Download a fresh copy of Brutus or try it on a different PC.
ScHacker23 wrote:I've also tried POP3 to crack yahoo (pop3.yahoo.com) but it said "Unable to verify target pop3.yahoo.com"
Almost all POP servers these days have throttling to defuse brute force attempts. I know for a fact Yahoo's do. Practically this means it'll take you several lifetimes if you'd want to brute force even one account.
Since Brutus is quite old it's also entirely possible it's just not compatible anymore with some more modern POP3 servers. Yahoo may even require SSL these days.
Also it's probably worth mentioning that yahoo's pop server is pop.mail.yahoo.com, not pop3.yahoo.com.
ScHacker23 wrote:HOW TO USE THIS TOOL!!!, I need help guys anyone who knows please tell me.
This page explains it about as well as you're likely to find.
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.

User avatar
ScHacker23
Apprentice
Posts: 42
Joined: Sun Apr 07, 2013 12:37 am

Re: Using brutus to hack websites???

Post by ScHacker23 » Sun May 19, 2013 9:51 am

Thank you very much for your attention! I tried 'pop.mail.yahoo.com' and it works perfect. I downloaded a packet sniffer to make sure that Brutus is working, I think I will certainly hack in few days.
Thanks!
You may stop this individual, but you can't stop us all... after all, we're all alike.

black7floyd
Strike 2
Posts: 8
Joined: Fri Oct 12, 2012 12:04 am

Re: Using brutus to hack websites???

Post by black7floyd » Mon May 04, 2015 3:36 am

Brutus is just a step by step hacker tool. I don’t trust it as well. I mean, it says so much like brute force break up techniques, but, all that it does is a social and ethical hacking. I just don’t believe this.





-----------------------------
BLACK FLOYD
-----------------------------

Alex1999
n00b
Posts: 1
Joined: Wed Feb 23, 2022 7:59 am

Re: Using brutus to hack websites???

Post by Alex1999 » Wed Feb 23, 2022 8:09 am

hello. Is it possible to hack https account using brutus? or just http?

User avatar
Cool_Fire
Not a sandwich
Posts: 1912
Joined: Fri May 09, 2003 1:20 pm
Location: 41 6d 73 74 65 72 64 61 6d
Contact:

Re: Using brutus to hack websites???

Post by Cool_Fire » Wed Apr 06, 2022 12:33 am

Alex1999 wrote:
Wed Feb 23, 2022 8:09 am
hello. Is it possible to hack https account using brutus? or just http?
Brutus can do https, but since it's not been updated in over two decades there's a good chance you'll have problems with supported versions and ciphers. If you want to do a brute force attack against an https site you're better off using a maintained tool like thc hydra or OWASP ZAP.
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.

Post Reply