Mutillidae Brute-force


A brute-force attack is one where the hacker tries many usernames and passwords in order to log in.

How to do Bruteforce attack

There are many tools available for brute forcing, but here we will use Hydra, a great tool that comes with Kali Linux.

💡 A brute-force attack is an attack that tries guessed names and passwords one after another. It will take a lot of time, but it will definitely log in.

Hack using Hydra tool

Example security level: 0, 1 & 5

  1. First, open the Hydra tool in Kali Linux.
  2. Now copy the URL to which the form is being posted.
  3. Check the three parameters (username/password/message) of the form and set them in the Hydra command accordingly.

    hydra -L /root/Desktop/userlist.txt -P /root/Desktop/passwordlist.txt localhost http-post-form "/mutillidae/index.php:username=^USER^&password=^PASS^&login-php-submit-button=Login:Password incorrect"

  • -P /root/Desktop/passwordlist.txt : passwordlist.txt is a dictionary file containing many passwords
  • -L /root/Desktop/userlist.txt : userlist.txt is a dictionary file containing many usernames
  • /mutillidae/index.php:username=^USER^&password=^PASS^&login-php-submit-button=Login:Password incorrect : the form's post URL, the form parameters, and the message shown on a failed login, separated by colons

Live hacking example

  1. Create a dictionary file containing a list of usernames, or download the one I have provided.
  2. Create a dictionary file containing a list of passwords, or download the one I have provided.
  3. Now follow the given example, using the correct locations of your username and password files.
  4. If a username and password in the files you supplied match, the pair is shown immediately in green, as seen in the example.
  5. Always remember that brute forcing takes time; how long depends on the username and password files you supply.

Once the brute force has finished, you have the list of usernames and passwords. Now try to log in.

💡 Tip: Brute forcing takes a long time. How long depends on the username and password dictionary lists, so please be patient.
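Seen from the defender's side, a run like the one above is a burst of failed logins from one source, spread across several usernames. The following Python detector is an added example, not part of the original tutorial. The event format, the thresholds and the function name are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

# Constructed sample login events: (unix_time, source_ip, username, login_ok).
# 192.0.2.10 walks a username list and a password list; 198.51.100.7 is a
# normal user who mistypes a password once.
EVENTS = [
    (1000, "198.51.100.7", "alice", False),
    (1004, "198.51.100.7", "alice", True),
    (1010, "192.0.2.10", "admin", False),
    (1011, "192.0.2.10", "admin", False),
    (1012, "192.0.2.10", "root", False),
    (1013, "192.0.2.10", "root", False),
    (1014, "192.0.2.10", "test", False),
    (1015, "192.0.2.10", "test", False),
    (1016, "192.0.2.10", "admin", True),
]


def detect_bruteforce(events, max_failures=5, window=60):
    """Alert on any source with more than max_failures failed logins
    inside a sliding window of `window` seconds (assumed thresholds)."""
    recent = defaultdict(deque)  # ip -> (time, username) of recent failures
    alerts = {}
    for ts, ip, user, ok in sorted(events):
        failures = recent[ip]
        # Drop failures that have aged out of the window.
        while failures and ts - failures[0][0] > window:
            failures.popleft()
        if not ok:
            failures.append((ts, user))
            if len(failures) > max_failures and ip not in alerts:
                alerts[ip] = {
                    "first_alert_at": ts,
                    "failures": len(failures),
                    # Several usernames from one source points to a user list.
                    "usernames": sorted({u for _, u in failures}),
                    "compromised": [],
                }
        elif ip in alerts:
            # A success from an already-alerting source: a guessed account
            # whose password has to be reset.
            alerts[ip]["compromised"].append(user)
    return alerts


if __name__ == "__main__":
    for ip, info in detect_bruteforce(EVENTS).items():
        print(ip, info)
```

Keying the window on the source address rather than on the account is what catches a username list: each account here sees only two failures, which a per-account lockout threshold would not reach.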
