Hello ! I'm new to Null Byte, so don't be too nasty with me ahah. So, this is my problem: Recently, I found a website (https :/) about which I could know the list of all the possible password thanks to the simple template. I see a bruteforce tutorial on Null Byte, but no solution. I did some checking and I found the problem. This is the "form" line:
<form id="authform" name="e1" method="post" action="" onsubmit="javascript: return masterSubmit(this);" autocomplete="off">
It use javascript...(in "onsubmit") and somebody tell me this is a problem. I don't know anything about javascript, so I'm stuck here. I know hydra probably can't bruteforce this website. But an other tool may do it? Thank you a lot for you patience. If you need others informations to solve my problem, tell me.
8 Responses
I really like your title, it's very informative.
You answered your own question when you said "I don't know anything about javascript, so i'm stuck here"
The solution to your problem is:
drums rumbling for tension
Learn JavaScript.
hehe made me giggle,
I change it, sorry. Maybe there is a faster way to do it? I'm learning python so I prefer to don't learn both.
If you want to get into webhacking, learning JavaScript and PHP is a must, not an option.
I also have zero expierence with Javascript but :
It all depends if the website has a login timer on it ( which allows you to login in 3 times every few min ) .. If it does then a brute force / dictionary attack wont work.
And what makes you think that Hydra cant attack your website?
I asked a guy who had made a tutoriel on hydra. And he told me that in his opinion the problem came from the Javascript. And no, there is no timer on this website. But just tell me if you think that this javascript line can be a problem? Because it look like strange to me too. Maybe did I make something wrong in the command. I maybe take a get-form instead of post-form.
Try to analyze what the actual problem is, perhaps firebug can give some answers.
That's where a proxy comes in.
Share Your Thoughts