How to brute force HTTP POST with token appended to password

What's the best way to setup a home network? Why should I care about BGP?

How to brute force HTTP POST with token appended to password

Post by starleaf1 on Tue Apr 24, 2012 9:23 am
([msg=65938]see How to brute force HTTP POST with token appended to password[/msg])

I've been messing around with my (undeployed) website. I downloaded one of those pre-configured systems. From what I figured out, it shows a form to user into which users input their ID and password. When user submits, the two fields' values are passed via JavaScript to an other hidden form. The ID is passed as is, but the password is combined with several characters--which are generated randomly upon the request of the login page--in front of and at the back, the combination is then MD5'd.
The ID and the 'tokenized' password then posted to the server.

Is there any way I can brute force this thing? Preferably not by hand.
starleaf1
New User
New User
 
Posts: 1
Joined: Mon Apr 23, 2012 5:29 am
Blog: View Blog (0)


Re: How to brute force HTTP POST with token appended to password

Post by centip3de on Tue Apr 24, 2012 7:10 pm
([msg=65943]see Re: How to brute force HTTP POST with token appended to password[/msg])

starleaf1 wrote:I've been messing around with my (undeployed) website. I downloaded one of those pre-configured systems. From what I figured out, it shows a form to user into which users input their ID and password. When user submits, the two fields' values are passed via JavaScript to an other hidden form. The ID is passed as is, but the password is combined with several characters--which are generated randomly upon the request of the login page--in front of and at the back, the combination is then MD5'd.
The ID and the 'tokenized' password then posted to the server.

Is there any way I can brute force this thing? Preferably not by hand.


Well, yes. You could write a brute forcer to try every password/user combo under the sun. I don't understand the question here..
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. -Rick Cook
User avatar
centip3de
Moderator
Moderator
 
Posts: 1412
Joined: Fri Aug 20, 2010 5:46 pm
Blog: View Blog (0)



Return to Networking

Who is online

Users browsing this forum: No registered users and 0 guests