keepingshhhtum Posted June 13, 2010 Share Posted June 13, 2010 Hi, been trying to learn how to do this myself, but can't figure it out. Im looking at running a brute force password hack on a webmail account. Any ideas on what/how to do? Im running Mac OSX Peace Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted June 13, 2010 Share Posted June 13, 2010 Hi, been trying to learn how to do this myself, but can't figure it out. Im looking at running a brute force password hack on a webmail account. Any ideas on what/how to do? Im running Mac OSX Peace One post. Let's start off with what did you research? Second, brute forcing any account now is worthless due to they will lock the webmail account and probably ban your IP address for too many requests. Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted June 13, 2010 Share Posted June 13, 2010 (edited) Brute forcing any web service nowadays would be virtually impossible. After 3 or 5 attempts of brute forcing the account, it would get locked out and the IP address of the computer brute forcing the service banned. Now if you head over to Google and type "HTTP Bruce Force" you will get list of options to choose from. You might be able to download some tools. Now if you are using your own web mail set up at home, you may disable the account lock out policy just to try out the tool and see how it works. Secondly but not least, some Anti-Virus programs could detect it as being infected so caution is a must. Good luck. Regards, Infiltrator Edited June 13, 2010 by Infiltrator Quote Link to comment Share on other sites More sharing options...
greendixy Posted June 14, 2010 Share Posted June 14, 2010 @keepingshhhtum i have a few codes in perl that does some brute force i can eather post it here or give you a link to them later on im sure if you look at the codes you can modify them to "Test on your own server" Quote Link to comment Share on other sites More sharing options...
nykon Posted June 14, 2010 Share Posted June 14, 2010 A better tactic would be to gain access to the computer/network of the person using the account (who I am assuming is yourself or someone who has authorised you to do so) and use SSLStrip to sniff out the password. Or use phishing. Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted June 14, 2010 Share Posted June 14, 2010 (edited) A better tactic would be to gain access to the computer/network of the person using the account (who I am assuming is yourself or someone who has authorised you to do so) and use SSLStrip to sniff out the password. Or use phishing. I think Ethereal would be ideal in this scenario, since its a man in the middle of attack suite. Edited June 14, 2010 by Infiltrator Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.