Jump to content

In need of a good HTTP brute forcer.

Mr Andrewson

By Mr Andrewson
in Security

 Share

Recommended Posts

moonlit Newbie

moonlit

Posted
Posted

Look, please, we're trying to be nicer to users on here, but you're really making it difficult. Our intention is to help you, but if you'd only omitted the part about revenge... Just... *sigh* ...look, just... lie to us in future, right?

Link to comment
Share on other sites
Deveant Newbie

Deveant

Posted
Posted

Ok, for the last past half hour ive been reading all the post about the 'elitists' being nicer and such, though the post that stuck out most was either by moonlit or Vako, cant quite member, either way it was explain aspects of the question / answer so that the questionieer can learn. Lets give it a shoot.

So i take it that you wanna hack his hotmail back by Brute force, well theres a huge issue there, Hotmail is own and ran by Microsoft, hence there backed by big money, therefore good / great programmers. In aspect of this, does it seem like there may be some kinda of security in place to stop a simple brute force?

Simply your not going to be able to brute force the password, your going to need to look for an alternative to gaining his password.

<jk> My faviorite way of getting passwords is to hide in the open roof, and drill a hole looking down on the keyboard, that way i can just watch when the type there passwords in.</jk>

Link to comment
Share on other sites
SomeoneE1se Newbie

SomeoneE1se

Posted
Posted
Just a bit of revenge I need to sort out, this guy got into my hotmail, there are no exploits for his site either, so this is a last plan, so I need a brute forcer, I did download Hydra but it showed as a worm, is that because it's a brute forcer or?
...I'm only helping because I said I would...  Sigh...

hydra IIRC only works on servers not webapps... and hotmail requires captha to It's impossible to hax!

Link to comment
Share on other sites
moonlit Newbie

moonlit

Posted
Posted

Urgh.

I'm not entirely sure what the question is, but if you're trying to "hack" his hotmail back, please see:

http://forums.hak5.org/index.php/topic,7616.0.html

http://forums.hak5.org/index.php/topic,3264.0.html

http://forums.hak5.org/index.php/topic,2916.0.html (I'd forgotten about that one, thanks for reminding me.)

http://forums.hak5.org/index.php/topic,1481.0.html

(From http://forums.hak5.org/index.php/topic,8296.0.html: )

  • [li]
How to hack someone's passwords/accounts for:
  • [li]
Hotmail/Yahoo/Gmail/email[/li]

[li]MSN/Y!IM/AIM/IM[/li]

[li]MySpace/Facebook/Bebo/social networking[/li]

[li]Someone's computer or network[/li]

[li]Online games[/li]

[/li]

No, we won't help you see the emails you think your ex-girlfriend's brother's dog's friend's owner's next door neighbour is getting. It's their email, not yours. Not only is this a moronic waste of time, you're never going to hack Hotmail or gmail or Yahoo! Mail or [insert mail service] because all the password checking is done at the back end. Yes, it's possible to obtain the information without hacking the servers but we're not going to tell you how.

If not, my apologies, disregard this post or forward it to your friend.

If, however, you're attempting to attack his personal site, the best I can give you is a recommendation against trying. It's probably possible, there's always a way in, but it depends what his server is running, how his site is coded and if it takes passwords, how it handles those passwords.

Link to comment
Share on other sites
digip Newbie

digip

Posted
Posted

Trying to brute force Hotmail is pretty common knowledge that most any site (not just Hotmail) will block you after too many failed attpemts. Especially when they often use a captcha for authentication. Cookes are also something they require for authentication.

Hotmail will revoke your session after a few failed login attpemts. After the timeout, if you continue, it blocks you again and eventually each time you come back, your blocked by IP getting the message that too many failed attepmts were made. This does nothing other than getting yourself banned from the website and log your attempts.

Basic googling is your best bet for just hacking in general, since most of this will be something you should already know by now. I'll probably get flamed for this but to be nice (and probably have my post removed by one of the mods, which I totally understand, but here goes anyway) my best solution is to do the enumeration on the person in question FIRST. And since I am being nice, try using the password reset challenge question, not just on Hotmail, but for some other sites you might know he/she visits. Once you figure out the password somewhere else, like their PC, favorite websites, etc, then there is a slight chance he/she uses the same password for Hotmail.

Again, this is pretty basic stuff that you should be well read up on or know about if visiting the forums as long as you have. As I recall, you have not been too responsible in the past with ANY form of knowledge in this area: http://forums.hak5.org/index.php/topic,6216.msg66679.html

Quote from: "moonlit"

Note to self: Hurt Mr Andrewson very, very badly.

Link to comment
Share on other sites
sablefoxx Newbie

sablefoxx

Posted
Posted
Just a bit of revenge I need to sort out, this guy got into my hotmail, there are no exploits for his site either, so this is a last plan, so I need a brute forcer, I did download Hydra but it showed as a worm, is that because it's a brute forcer or?

First off, if someone you know gets into your hotmail,

a) Why the fuck are you using hotmail?

b) You're an idiot and told him your password

c) You were using a simple password and thus you are an idiot

d) He got a keylogger or some other malware on your computer (why are you running programs from people who want to hurt you?)

e) God hates you and decided to delete your email

You'd think after 240+ posts you'd know a little more about this kinda of stuff. 

But if it is help you seek then i will do my best to lend a helping hand.

~Hax0ring~

1) Brute forcing and online account is completely pointless

2) Even using a dictionary attack you'd need A LOT of proxies

3) If you're in windows use Access Driver, or Brutus, in Linux use Hydra GTK, or one of the many others on Back Track 2

4) Even with said programs your chances are next to nothing, your more likely to get into a site by trying one password with many accounts, then many passwords with one account.

5) You're going to be much more successful by employing alternate methods, i.e. Soc. Engineering, Sniffing the Password (if possible), Breaking a Password of his/her on another site, something less secure (FTP/Telnet/etc) this is helpful because many people use the same password on multiple sites

6) Get creative

Now things you need to do(if you haven't already):

1) Change ALL your passwords (you should already be changing them on a regular basis, monthly/quarterly)

2) Use a better password, because your last one was shit (apparently)

3) (Optional) Reformat to remove any potential malware

Also you will need to one up him, just breaking into his  hotmail isn't enough.  Cyberwarfare is like the mob, if he looks at you funny, break his knees.

Good Luck

Link to comment
Share on other sites
GonZor Newbie

GonZor

Posted
Posted

Be a man about this, take half a brick, place it in a long sock and go find where he lives.

As a matter of fact, I do have his address!  :D

Digital revenge only has a limited amount of joy, Knowing his address and presumably a few other things about him you could have much more fun with your revenge...

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...