How do you write a brute force program in javascript?

Discuss how to write good code, break bad code, your current pet projects, or the best way to approach novel problems

How do you write a brute force program in javascript?

Post by cwye1801 on Fri Nov 20, 2015 7:26 pm
([msg=90667]see How do you write a brute force program in javascript?[/msg])

I know in general how a brute force program works, but I don't understand exactly how the code would be run. Let's say I had a login to brute force. Would I go into the source code and then add some sort of javascript loop to submit multiple possible passwords and then run that html program? At that point it would just be a matter of submitting a form using javascript (possibly with a variable for "value" in the for loop?) . . .
I guess I'm wondering how a brute force program spams a php page, and I'm guessing it's through some sort of form interception. And yes, I did try google :) but I couldn't find anything that answered really answered that question,
Thanks.
cwye1801
New User
New User
 
Posts: 4
Joined: Thu Jul 23, 2015 3:04 pm
Blog: View Blog (0)


Re: How do you write a brute force program in javascript?

Post by PortFondler on Fri Nov 20, 2015 8:56 pm
([msg=90669]see Re: How do you write a brute force program in javascript?[/msg])

i guess it depends on what your trying to brute-force & how the server is set up. and keep in mind that a lot of servers are secure enough that too many failed login attempts from a javascript loop (or any other loop or manual attempts) will either cause an error message or lock you out temporarily. this could be interesting though, to know if there's a way to bruteforce the page without sending a ton of requests
..."Learn from people. Teach people. Do anything that will satiate your need to learn and keep you out of a cell at the same time.

The world is so much bigger than some person's inbox" ~Goatboy
User avatar
PortFondler
New User
New User
 
Posts: 25
Joined: Sun Nov 08, 2015 12:49 pm
Blog: View Blog (0)


Re: How do you write a brute force program in javascript?

Post by pretentious on Fri Nov 20, 2015 10:04 pm
([msg=90671]see Re: How do you write a brute force program in javascript?[/msg])

PortFondler wrote:this could be interesting though, to know if there's a way to bruteforce the page without sending a ton of requests

HTTP is a stateless protocol. Whether it be ajax, video streaming, or pulling HTML from wikipedia or a login form post, every client interaction with the server is pretty much obvious and can't really be... You can't save bandwidth or avoid leaving prints.

There are a few ways to approach a webpage. One is to get a dump of the database and get the password hash and brute force it locally. the other would be to use something like hydra. never looked into it but I think that's built for this, Or to script the login request and check if the request was successful. Wouldn't use js for this.
Goatboy wrote:Oh, that's simple. All you need to do is dedicate many years of your life to studying security.

IF you feel like exchanging ASCII arrays, let me know ;)
Can you say brainwashing It's a non stop disco
User avatar
pretentious
Addict
Addict
 
Posts: 1217
Joined: Wed Mar 03, 2010 12:48 am
Blog: View Blog (0)


Re: How do you write a brute force program in javascript?

Post by -Ninjex- on Sat Nov 21, 2015 9:02 am
([msg=90679]see Re: How do you write a brute force program in javascript?[/msg])

cwye1801 wrote:then run that html program?


There is no such thing as an HTML program.


However, with your general assumptions you are pretty much close. You would loop through a list of usernames and passwords most likely (unless you are attacking one user, then you just need passwords) propagate the form fields with these values and any other values if needed (such as hidden values or session tokens that may be there to prevent XSRF attacks in some cases) You would then send the request, and have another function likely to check if the login was invalid, you would do this by parsing data from the response page, which usually will have explicit indications of a valid or invalid login attempt.

JavaScript would likely be meh at this, and there are better tools already designed for this as pretentious pointed out.

I also moved this to the correct location. For future reference, we have Computers > Programming for questions regarding programming, and Missions > Programming for programming related missions
image
For those that know
K: 0x2CD8D4F9
User avatar
-Ninjex-
Moderator
Moderator
 
Posts: 1691
Joined: Sun Sep 02, 2012 8:02 pm
Blog: View Blog (0)


Re: How do you write a brute force program in javascript?

Post by cwye1801 on Sun Nov 22, 2015 3:17 pm
([msg=90700]see Re: How do you write a brute force program in javascript?[/msg])

Thanks, that pretty much answers my question. By solving it locally you mean finding the hash used and the hashed password (which I think there are applications and whatnot for) and then using a programming language to loop through and then hash various combinations until you match the hashed password. Right?
And if you didn't want to do it locally then you would do basically what I thought except that I was wrong about most of the details.
(Yeah, I guess I posted this in sort of the wrong place- it wasn't specifically to do with a mission though it may be related to some of them)

Thanks.
cwye1801
New User
New User
 
Posts: 4
Joined: Thu Jul 23, 2015 3:04 pm
Blog: View Blog (0)


Re: How do you write a brute force program in javascript?

Post by pretentious on Tue Nov 24, 2015 5:17 pm
([msg=90731]see Re: How do you write a brute force program in javascript?[/msg])

Pretty much sounds right
Goatboy wrote:Oh, that's simple. All you need to do is dedicate many years of your life to studying security.

IF you feel like exchanging ASCII arrays, let me know ;)
Can you say brainwashing It's a non stop disco
User avatar
pretentious
Addict
Addict
 
Posts: 1217
Joined: Wed Mar 03, 2010 12:48 am
Blog: View Blog (0)


Re: How do you write a brute force program in javascript?

Post by tremor77 on Wed Nov 25, 2015 2:33 pm
([msg=90741]see Re: How do you write a brute force program in javascript?[/msg])

You could use javascript, no need to dismiss it as a web only language, it's just as powerful and useful as python and with things like Node.js you can run a compiled server that will run constantly. just throwing that out there.
User avatar
tremor77
Addict
Addict
 
Posts: 1098
Joined: Wed Mar 31, 2010 12:00 pm
Location: New York
Blog: View Blog (0)



Return to Programming

Who is online

Users browsing this forum: No registered users and 0 guests