Using brutus to hack websites???

[ScHacker23]

I need help about using Brutus to hack websites. I tried hacking in an unsecured website,I typed in username "Michael" then almost in a second it hacked in and said the password was 777777 or 123456789 etc, its all nonsense, no one uses a password like this, When I try once more it crashes. There's also one more problem, the attack status isn't very clear. At that time my preferences were:

Target: I dont set it cuz i use form http; Type: HTTP (Form)
Modify Sequence:
Target form: http://justbasic.conforums.com/index.cgi?action=login
I used learn form settings and selected the username and pass cookie, then I clicked ok

Port = 80
connection = 60 ; timeout = 60
Target: http://justbasic.conforums.com/index.cgi?action=login
no proxy
method - POST; Keep alive ; Fake cookies ; encode
use username, single user = (The user)
World List(Dictionary attack), i have a word list containing 165533 passwords

when i clicked start it in almost in a second it cracked and said the password was "a1b2c3d4e6". I tried again AND IT CRASHED!! . I'm using windows 7 ultimate and the attack status bar that shows the time left and all is not visible.

How to use it, i don't know, I've also tried POP3 to crack yahoo (pop3.yahoo.com) but it said "Unable to verify target pop3.yahoo.com", HOW TO USE THIS TOOL!!!, I need help guys anyone who knows please tell me.

-n00b hacker and script kiddie

[Cool_Fire]

and said the password was 777777 or 123456789 etc, its all nonsense, no one uses a password like this

People really do. But that's not the point.

Target form: http://justbasic.conforums.com/index.cgi?action=login

This specific form has a hidden field that you need to submit along. I'm not so sure brutus does that.
It may well be purposely giving you false positives as a method to ward of brute force attempts when this field is not submitted. Besides that there's a lot of javascript on the page. I don't know for a fact if any of it will hinder the login process, but I do know for a fact Brutus does not process javascript. So if it is part of the login process, it'll never work in Brutus.
Also, did you set proper values for the responses Brutus should expect? I don't see anything about you modifying those in the settings you mentioned. (If I remember right they're called primary and secondary response in the form settings.)

when i clicked start it in almost in a second it cracked and said the password was "a1b2c3d4e6". I tried again AND IT CRASHED!!

Never had this problem myself so I can't say for sure why it's happening. Download a fresh copy of Brutus or try it on a different PC.

I've also tried POP3 to crack yahoo (pop3.yahoo.com) but it said "Unable to verify target pop3.yahoo.com"

Almost all POP servers these days have throttling to defuse brute force attempts. I know for a fact Yahoo's do. Practically this means it'll take you several lifetimes if you'd want to brute force even one account.
Since Brutus is quite old it's also entirely possible it's just not compatible anymore with some more modern POP3 servers. Yahoo may even require SSL these days.
Also it's probably worth mentioning that yahoo's pop server is pop.mail.yahoo.com, not pop3.yahoo.com.

HOW TO USE THIS TOOL!!!, I need help guys anyone who knows please tell me.

This page explains it about as well as you're likely to find.

[ScHacker23]

Thank you very much for your attention! I tried 'pop.mail.yahoo.com' and it works perfect. I downloaded a packet sniffer to make sure that Brutus is working, I think I will certainly hack in few days.
Thanks!

[black7floyd]

Brutus is just a step by step hacker tool. I don’t trust it as well. I mean, it says so much like brute force break up techniques, but, all that it does is a social and ethical hacking. I just don’t believe this.





-----------------------------
BLACK FLOYD
-----------------------------

[Alex1999]

hello. Is it possible to hack https account using brutus? or just http?

[Cool_Fire]

hello. Is it possible to hack https account using brutus? or just http?

Brutus can do https, but since it's not been updated in over two decades there's a good chance you'll have problems with supported versions and ciphers. If you want to do a brute force attack against an https site you're better off using a maintained tool like thc hydra or OWASP ZAP.