Re: [PEN-TEST] Web site password guessing over SSL

From: Jason Brvenik (jbrvenikat_private)
Date: Fri Apr 13 2001 - 09:16:41 PDT

  • Next message: Barber, Chris: "Re: [PEN-TEST] Cybercop"

    you could also use perl and Crypt::SSLeay
    
    -----Original Message-----
    From: ET LoWNOISE [mailto:etat_private]
    Sent: Thursday, April 12, 2001 10:23 PM
    To: PEN-TESTat_private
    Subject: Re: [PEN-TEST] Web site password guessing over SSL
    
    
    Maybe this can help you
    
    If you need the source code just let me know
    http://packetstorm.securify.com/Win/sslcrack.zip
    or
    http://packetstorm.securify.com/groups/lownoise/
    for a short description
    
    bye
    
    Efrain 'ET' Torres
    [LoWNOISE]
    
    Gerald wrote:
    
    > Our client wants us to try to brute-force one of their public web sites that
    > is password-protected via a form-based login over SSL.  I'd rather not have
    > to sit by the computer manually typing in passwords over and over again.
    > I've looked at the 'popular' web page cracking tools, and none of them seem
    > to work over SSL.
    >
    > Does anybody have any ideas?
    >
    > Gerald Batten
    > Security Consulant
    > Exocom
    >
    > (*note:  views expressed in this e-mail are not necessarily those of my
    > employer.)
    > (**note: views expressed in this e-mail are not necessarily mine either.)
    >
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:50:48 PDT