Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

PHP password cracker...

  1. Home
  2. Forum
  3. Programming
  4. PHP password cracker...

bexus's Avatar

bexus

Member
0 0

Hey… I want to make a PHP password form cracker (for brute- and directory attacking password forms…) I want to be able to just put in the url, the name of the fields and the username… So… I'm asking for your help…. Where should I start? What do I need to use? Please… don't paste fully made code… I don't want to be a script kiddie ;D But you can post ideas and framework… :D Thanks…

-bexus


ghost's Avatar

ghost

0 0

cURL

fopen()

Is that too much or too little?


bexus's Avatar

bexus

Member
0 0

I was pretty sure that I needed cURL… You can tell me more :D Thanks anyway

BTW. I'm not good at cURL so if someone could help me out with that part it would be appriciated :D


ghost's Avatar

ghost

0 0

You could use fopen(), but I'd recommend cURL.


AldarHawk's Avatar

AldarHawk

The Manager
0 0

**Edit: I misread the post :P Sorry for getting everyones hopes up! **


bexus's Avatar

bexus

Member
0 0

And what is that one called? :D


ghost's Avatar

ghost

0 0

Where?


ghost's Avatar

ghost

0 0

and where could one get this opensource 1?


AldarHawk's Avatar

AldarHawk

The Manager
0 0

my mistake…it does MD5 and SHA1 Bruteforcing as stated in my edit…I misread ;)


bexus's Avatar

bexus

Member
0 0

;)


ghost's Avatar

ghost

0 0

well back to the original topic then, im still very interetsed :)


ghost's Avatar

ghost

0 0

If I get time tommorow I'll create a code sample


ghost's Avatar

ghost

0 0

just another thing to keep in mind, don't think anyone else said it, but when you are making, it you have to remember to code your program to be able to detect whether or not the user / pass were correct. for example, login with a user/ pass you already know. see if it gives you a new cookie or something, that is different than when you are not logged in. so then when you do use your bruteforcer, it detects the correct login.


bexus's Avatar

bexus

Member
0 0

yep… I know… Like check the headers…


ghost's Avatar

ghost

0 0

vvvvv[img]http://www.planetclimax.com/pics/f