I did svn up. The new code works fine with a form and POST var (I tested it),
but it has false positives, for example:
*Found authentication credentials to: "http://127.0.0.1/chek/index.php". The
correct password is: "vetal". This vulnerability was found in the request
with id 100. *
POST http://127.0.0.1/chek/index.php with data: "passwd=123p4ss" returned
HTTP code "200" - id: 101
No grep for : http://127.0.0.1/chek/index.php , the plugin sent
grepResult=False.
POST http://127.0.0.1/chek/index.php with data: "passwd=1q2w3e" returned
HTTP code "200" - id: 102
No grep for : http://127.0.0.1/chek/index.php , the plugin sent
grepResult=False.
*Found authentication credentials to: "http://127.0.0.1/chek/index.php". The
correct password is: "1q2w3e". This vulnerability was found in the request
with id 102.*
POST http://127.0.0.1/chek/index.php with data: "passwd=passwd" returned
HTTP code "200" - id: 103
No grep for : http://127.0.0.1/chek/index.php , the plugin sent
grepResult=False.
*Found authentication credentials to: "http://127.0.0.1/chek/index.php". The
correct password is: "passwd". This vulnerability was found in the request
with id 103. *
POST http://127.0.0.1/chek/index.php with data: "passwd=a5dd5a" returned
HTTP code "200" - id: 104
No grep for : http://127.0.0.1/chek/index.php , the plugin sent
grepResult=False.
*Found authentication credentials to: "http://127.0.0.1chek/index.php". The
correct password is: "a5dd5a". This vulnerability was found in the request
with id 104. *
*The real password is: vetal*
*And it does not work if the form uses GET and:
index.php has the password field and, when this is submitted, redirects to
check_password.php?password=*
*In this case w3af tries index.php?password= and not
check_password.php?password=*
I don't know if I explained well ... my English is bad. Sorry.
Thanks!
2010/2/12 Andres Riancho <[email protected]>
> On Fri, Feb 12, 2010 at 12:16 PM, <[email protected]> wrote:
> > wow!
> >
> > Thanks Andres!! I'll wait!
>
> Ok, it took me more than expected, but I was able to do it. Please
> perform a "svn up" in order to get the new code that supports password
> only form bruteforcing. If you find any bugs, please let me know.
>
> Thanks,
>
> >
> > 2010/2/12 Andres Riancho <[email protected]>
> >>
> >> null0xff0x00,
> >>
> >> I'm working on a login bruteforcer that supports password only forms
> >> right now. If you wait 10 more mins you'll be able to perform a "svn
> >> up" and get the new feature.
> >>
> >> Thanks,
> >>
> >> On Fri, Feb 12, 2010 at 11:53 AM, <[email protected]> wrote:
> >> > Solved!
> >> >
> >> > I use http fuzzer and works... Thanks.
> >> >
> >> > 2010/2/12 <[email protected]>
> >> >>
> >> >> Hello!!
> >> >>
> >> >> I am setting w3af for formAuthBrute but not working. The form only
> >> >> has a password box and w3af detects it... but doesn't the brute force
> >> >> attack: The configuration of formAuthBrute is default and the output
> >> >> is this:
> >> >>
> >> >> The page language is: en
> >> >> Starting formAuthBrute plugin execution.
> >> >> http://192.168.100.10/index.php detected a form with a password field and no username field.
> >> >> http://192.168.100.10/index.php detected a form with a password field and no username field.
> >> >> Found 1 URLs and 2 different points of injection.
> >> >> The list of URLs is:
> >> >> - http://192.168.100.10/index.php
> >> >> The list of fuzzable requests is:
> >> >> - http://192.168.100.10/index.php | Method: GET
> >> >> - http://192.168.100.10/index.php | Method: GET | Parameters: (password="")
> >> >> Password profiling TOP 100:
> >> >> - [1] enable with 1 repetitions.
> >> >> - [2] JavaScript with 1 repetitions.
> >> >> - [3] turned with 1 repetitions.
> >> >> - [4] auth with 1 repetitions.
> >> >> - [5] Your with 1 repetitions.
> >> >> - [6] enter with 1 repetitions.
> >> >> - [7] your with 1 repetitions.
> >> >> Finished scanning process.
> >> >>
> >> >> Thanks for help!
> >> >> --
> >> >> - Null
> >> >
> >> >
> >> >
> >> > --
> >> > - Null
> >> >
> >> >
> ------------------------------------------------------------------------------
> >> > SOLARIS 10 is the OS for Data Centers - provides features such as
> >> > DTrace,
> >> > Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW
> >> > http://p.sf.net/sfu/solaris-dev2dev
> >> > _______________________________________________
> >> > W3af-users mailing list
> >> > [email protected]
> >> > https://lists.sourceforge.net/lists/listinfo/w3af-users
> >> >
> >> >
> >>
> >>
> >>
> >> --
> >> Andrés Riancho
> >> Founder, Bonsai - Information Security
> >> http://www.bonsai-sec.com/
> >> http://w3af.sf.net/
> >
> >
> >
> > --
> > - Null
> > Sent from Barcelona, Spain
>
>
>
> --
> Andrés Riancho
> Founder, Bonsai - Information Security
> http://www.bonsai-sec.com/
> http://w3af.sf.net/
>
--
- Null
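
A triage check for scanner output like the run quoted at the top of this message, as an added example that is not part of the original thread and not w3af code. It assumes the two message formats shown there; the function names and the sample text are constructed for illustration, and the "more than one password for a password-only form" rule is a heuristic.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the output quoted in the message
# (wrapped lines and e-mail emphasis asterisks included).
SAMPLE = '''\
*Found authentication credentials to: "http://127.0.0.1/chek/index.php". The
correct password is: "vetal". This vulnerability was found in the request
with id 100. *
POST http://127.0.0.1/chek/index.php with data: "passwd=1q2w3e" returned
HTTP code "200" - id: 102
*Found authentication credentials to: "http://127.0.0.1/chek/index.php". The
correct password is: "1q2w3e". This vulnerability was found in the request
with id 102.*
POST http://127.0.0.1/chek/index.php with data: "passwd=passwd" returned
HTTP code "200" - id: 103
*Found authentication credentials to: "http://127.0.0.1/chek/index.php". The
correct password is: "passwd". This vulnerability was found in the request
with id 103. *
'''

FINDING = re.compile(
    r'Found authentication credentials to: "([^"]+)"\. The correct password '
    r'is: "([^"]*)"\. This vulnerability was found in the request with id (\d+)')
REQUEST = re.compile(
    r'(GET|POST) (\S+) with data: "([^"]*)" returned HTTP code "(\d+)" - id: (\d+)')

def parse(log):
    # Drop the emphasis asterisks and undo the line wrapping before matching.
    flat = " ".join(log.replace("*", " ").split())
    findings = [(u, p, int(i)) for u, p, i in FINDING.findall(flat)]
    requests = {int(i): (u, int(c)) for _, u, _, c, i in REQUEST.findall(flat)}
    return findings, requests

def triage(log):
    """Per URL: reported passwords, whether they conflict, status codes seen."""
    findings, requests = parse(log)
    by_url = defaultdict(set)
    for url, password, _ in findings:
        by_url[url].add(password)
    report = {}
    for url, passwords in by_url.items():
        codes = {c for u, c in requests.values() if u == url}
        report[url] = {
            "passwords": sorted(passwords),
            # Several "correct" passwords for one password-only form: suspect.
            "conflicting": len(passwords) > 1,
            # A single code for every attempt means status alone proves nothing.
            "status_codes": sorted(codes),
        }
    return report
```
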