Acunetix - Scan Your Website For Vulnerabilities
[Advertise With HackThisSite.org]

Hack This Site - Forums Index

How to brute force HTTP POST with token appended to password

What's the best way to setup a home network? Why should I care about BGP?
Post a reply

How to brute force HTTP POST with token appended to password

Post by starleaf1 on Tue Apr 24, 2012 9:23 am
([msg=65938]see How to brute force HTTP POST with token appended to password[/msg])

I've been messing around with my (undeployed) website. I downloaded one of those pre-configured systems. From what I figured out, it shows a form to user into which users input their ID and password. When user submits, the two fields' values are passed via JavaScript to an other hidden form. The ID is passed as is, but the password is combined with several characters--which are generated randomly upon the request of the login page--in front of and at the back, the combination is then MD5'd.
The ID and the 'tokenized' password then posted to the server.

Is there any way I can brute force this thing? Preferably not by hand.
starleaf1
New User
New User
 
Posts: 1
Joined: Mon Apr 23, 2012 5:29 am
Blog: View Blog (0)

Re: How to brute force HTTP POST with token appended to password

Post by centip3de on Tue Apr 24, 2012 7:10 pm
([msg=65943]see Re: How to brute force HTTP POST with token appended to password[/msg])

starleaf1 wrote:I've been messing around with my (undeployed) website. I downloaded one of those pre-configured systems. From what I figured out, it shows a form to user into which users input their ID and password. When user submits, the two fields' values are passed via JavaScript to an other hidden form. The ID is passed as is, but the password is combined with several characters--which are generated randomly upon the request of the login page--in front of and at the back, the combination is then MD5'd.
The ID and the 'tokenized' password then posted to the server.

Is there any way I can brute force this thing? Preferably not by hand.


Well, yes. You could write a brute forcer to try every password/user combo under the sun. I don't understand the question here..
I am c0bra2's idiotic bitch. (I lost a bet)
User avatar
centip3de
Addict
Addict
 
Posts: 1216
Joined: Fri Aug 20, 2010 5:46 pm
Blog: View Blog (0)
Post a reply

Return to Networking

Who is online

Users browsing this forum: No registered users and 0 guests

Disclaimer :
HackThisSite does not support illegal activities.
The management of this board is not responsible for the content of any external internet sites.
Powered by phpBB © 2000-2009 phpBB Group
Carbon Style By Echo -=Designs By Echo=- © 2007 Echo
Administration Control Panel