On Fri, Feb 12, 2010 at 12:16 PM, <[email protected]> wrote: > wow! > > Thanks Andres!! I'll wait!
Ok, it took me more than expected, but I was able to do it. Please perform a "svn up" in order to get the new code that supports password only form bruteforcing. If you find any bugs, please let me know. Thanks, > > 2010/2/12 Andres Riancho <[email protected]> >> >> null0xff0x00, >> >> I'm working on a login bruteforcer that supports password only forms >> right now. If you wait 10 more mins you'll be able to perform a "svn >> up" and get the new feature. >> >> Thanks, >> >> On Fri, Feb 12, 2010 at 11:53 AM, <[email protected]> wrote: >> > Solved! >> > >> > I use http fuzzer and works... Thanks. >> > >> > 2010/2/12 <[email protected]> >> >> >> >> Hello!! >> >> >> >> I am setting w3af for formAuthBrute but not working. The form only has >> >> a >> >> password box and w3af detects it... but doesn't the brute force attack: >> >> The >> >> configuration of formAuthBrute is default and the output is this: >> >> >> >> The page language is: en >> >> Starting formAuthBrute plugin execution. >> >> http://192.168.100.10/index.php detected a form with a password field >> >> and >> >> no username field. >> >> http://192.168.100.10/index.php detected a form with a password field >> >> and >> >> no username field. >> >> Found 1 URLs and 2 different points of injection. >> >> The list of URLs is: >> >> - http://192.168.100.10/index.php >> >> The list of fuzzable requests is: >> >> - http://192.168.100.10/index.php | Method: GET >> >> - http://192.168.100.10/index.php | Method: GET | Parameters: >> >> (password="") >> >> Password profiling TOP 100: >> >> - [1] enable with 1 repetitions. >> >> - [2] JavaScript with 1 repetitions. >> >> - [3] turned with 1 repetitions. >> >> - [4] auth with 1 repetitions. >> >> - [5] Your with 1 repetitions. >> >> - [6] enter with 1 repetitions. >> >> - [7] your with 1 repetitions. >> >> Finished scanning process. >> >> >> >> Thanks for help! >> >> -- >> >> - Null >> > >> > >> > >> > -- >> > - Null >> > >> > ------------------------------------------------------------------------------ >> > SOLARIS 10 is the OS for Data Centers - provides features such as >> > DTrace, >> > Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW >> > http://p.sf.net/sfu/solaris-dev2dev >> > _______________________________________________ >> > W3af-users mailing list >> > [email protected] >> > https://lists.sourceforge.net/lists/listinfo/w3af-users >> > >> > >> >> >> >> -- >> Andrés Riancho >> Founder, Bonsai - Information Security >> http://www.bonsai-sec.com/ >> http://w3af.sf.net/ > > > > -- > - Frank > Sent from Barcelona, Spain -- Andrés Riancho Founder, Bonsai - Information Security http://www.bonsai-sec.com/ http://w3af.sf.net/ ------------------------------------------------------------------------------ SOLARIS 10 is the OS for Data Centers - provides features such as DTrace, Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW http://p.sf.net/sfu/solaris-dev2dev _______________________________________________ W3af-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/w3af-users
