How to Brute-Force with limited trials?

Harrelson · March 16, 2021, 6:36pm

How to Brute-Force Passwords while most of the time you’re only allowed a limited number of tries?

Harrelson · March 18, 2021, 9:21am

Anybody know about this??

hax · March 18, 2021, 6:58pm

It depends which System or Login Shell you using.

wother · March 18, 2021, 7:28pm

Gah! Just got around to replying.

If a web app is secured properly, making a request against it will be difficult in mass numbers. So, think about it, how do you get a password you can hit as many times as you want, without submitting it to the server?

The simplest answer is to sniff the encrypted password and hit it there. This is how we crack WiFi passwords, we move the crack “offline” and crack it locally, then come back and input it after we have done the deed.

For websites, your best bet is reverse-engineering the authentication API. This is not easy, but is something you should know how to do. Find how the view layer is interacting with the database layer, and see if you can get information that you otherwise would not have.

Social engineering is also an option, putting up a fake MITM passthrough and grabbing the password in plaintext as they connect to your fake site. Also a tool you should have in your bag.

But the best is exploiting the endpoint. Getting the auth token as they are logging in and using THAT to do what you need to do. There are many ways to do this, all without the need to brute force the frontend.

hax · March 19, 2021, 4:02am

Im not that good in explain it that easy so everybody understand that.

wother · March 19, 2021, 4:10am

um… ok… google is your friend?

But the best TL;DR would be “find a way to brute force offline as opposed to hitting the server.”

HOW that happens, is up to you to figure out. THAT is your homework. I’m not going to do a walkthrough here in the comments…

hax · March 19, 2021, 4:14am

Boah, that was mean of you Of course wother. I know how things working but explain it easy as possible isn’t a part of me. sometimes my friends where not that techy, telling me, they didnt understood what iv explained…

Harrelson · March 20, 2021, 7:54pm

thank you
I just once thought even this would become like other forums, getting dead for many days and we would get answers after so many days or months
But it didn’t, thank you for replying

Though this was very nice and sound explanation, thanks

proffapt · May 9, 2021, 3:22pm

not until @th3profess0r @wother and @Th3Director are alive

proffapt · May 9, 2021, 3:23pm

one suggestion can be of using proxy to hit the frontend directly

but as wother said hitting the thing “offline” is always the best.