Main:
Guide on how to do the brute forcer for Realistic 8
For this one, im assuming:
1.You have access to a server in which you can run php scripts with cURL installed.
2.You have some knowledge on php.
3.You want to learn, not just steal other peoples work.
Ok, so there is 3 main steps to this bruteforcer:
-take password
-test it
-echo answer
We need a dictionary on passwords, you can get them here: http://www.outpost9.com/files/WordLists.html
get a wordlist, name it dic1.txt and upload it to your server, in the same dir as your php script will be.
( 1 ) To select each word we need to use a loop. We will use !feof(). This mean 'Not end of file'. Before this we must open to the file and assign this to a variable:
$fh = fopen("dic1.txt", "r");
The "r" parameter means its read-only.So, after weve opened this, we need to start the loop:
$fh = fopen($dic, "r");
while(!feof($fh)) {
$pass = fgets($fh,1024);
[CODE HERE]
}
The fgets function justs gets the line of the file.
( 2 )Now we need to test the passwords on the url: http://www.hellboundhackers.org/challenges/real8/admin.php
To do this we use the functions included in cURL. If this isnt installed on your box, just ask your server admin nicely :)
I dont want to give this challenge away so im going to leave this bit to you, although i will give you this bit of help:
$curlPost="uname=admin&pword=$pass&Submitted=True";
( 3 ) We must find some words that distinguish a bad login from a successful one, in this case its "Incorrect Username/Password", but "Incorrect" will be enough.
To search the contents of our received page will use the eregi() function where $data is the contents of the retrieved page.
$result = eregi("Incorrect", $data);
if ( $result == 0 ) {
echo "$pass3 is the password!";
break;
}
the break statement cancels the while loop, because we dont want to keep searching even after we've found the pass.
Ok, so i hope i havent given too much away. This can be adapted to brute force many web-based login systems. Of course, there are other ways to do this, but this is just the way i did it.
I hope this helped,
Thanks,
Will.
1.You have access to a server in which you can run php scripts with cURL installed.
2.You have some knowledge on php.
3.You want to learn, not just steal other peoples work.
Ok, so there is 3 main steps to this bruteforcer:
-take password
-test it
-echo answer
We need a dictionary on passwords, you can get them here: http://www.outpost9.com/files/WordLists.html
get a wordlist, name it dic1.txt and upload it to your server, in the same dir as your php script will be.
( 1 ) To select each word we need to use a loop. We will use !feof(). This mean 'Not end of file'. Before this we must open to the file and assign this to a variable:
$fh = fopen("dic1.txt", "r");
The "r" parameter means its read-only.So, after weve opened this, we need to start the loop:
$fh = fopen($dic, "r");
while(!feof($fh)) {
$pass = fgets($fh,1024);
[CODE HERE]
}
The fgets function justs gets the line of the file.
( 2 )Now we need to test the passwords on the url: http://www.hellboundhackers.org/challenges/real8/admin.php
To do this we use the functions included in cURL. If this isnt installed on your box, just ask your server admin nicely :)
I dont want to give this challenge away so im going to leave this bit to you, although i will give you this bit of help:
$curlPost="uname=admin&pword=$pass&Submitted=True";
( 3 ) We must find some words that distinguish a bad login from a successful one, in this case its "Incorrect Username/Password", but "Incorrect" will be enough.
To search the contents of our received page will use the eregi() function where $data is the contents of the retrieved page.
$result = eregi("Incorrect", $data);
if ( $result == 0 ) {
echo "$pass3 is the password!";
break;
}
the break statement cancels the while loop, because we dont want to keep searching even after we've found the pass.
Ok, so i hope i havent given too much away. This can be adapted to brute force many web-based login systems. Of course, there are other ways to do this, but this is just the way i did it.
I hope this helped,
Thanks,
Will.
Posted by 
