Obtain a list of enumerated or common usernames and a list of common
passwords. Use any information obtained about password quality rules
to tailor the password list so as to avoid superfluous test cases.
■ Use a suitable tool or a custom script to quickly generate login requests
using all permutations of these usernames and passwords. Monitor the
server’s responses to identify login attempts that are successful. Chapter
13 describes in detail various techniques and tools for performing
customised attacks using automation.
■ If you are targeting several usernames at once, it is usually preferable to
perform this kind of brute-force attack in a breadth-first rather than a
depth-first manner. This involves iterating through a list of passwords
(starting with the most common) and attempting each password in turn
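The breadth-first and depth-first orderings described above leave different traces in an authentication log, which is what a defender can key on. The following is an added example, not code from the book: it classifies sources of failed logins by pattern, and the event tuple layout, the `LOCKOUT` and `MIN_USERS` thresholds, and all sample log entries are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

LOCKOUT = 5     # assumed per-account failure limit before lockout
MIN_USERS = 4   # assumed number of distinct failed accounts that marks a sweep

def classify_sources(events, lockout=LOCKOUT, min_users=MIN_USERS):
    """events: (source, username, success) tuples from one time window.
    Returns {source: report} for sources whose failures look like guessing."""
    failed = defaultdict(Counter)   # source -> failures per username
    succeeded = defaultdict(set)    # source -> usernames it logged in as
    for source, user, success in events:
        if success:
            succeeded[source].add(user)
        else:
            failed[source][user] += 1
    reports = {}
    for source, per_user in failed.items():
        worst = max(per_user.values())
        if worst >= lockout:
            pattern = "depth-first"      # one account hammered; lockout would fire
        elif len(per_user) >= min_users:
            pattern = "breadth-first"    # many accounts, each under the lockout limit
        else:
            continue                     # ordinary mistyped passwords
        reports[source] = {
            "pattern": pattern,
            "accounts_failed": len(per_user),
            "max_failures_per_account": worst,
            "review": sorted(succeeded[source]),  # logins to investigate
        }
    return reports

def sample_events():
    """Constructed log: addresses are documentation ranges, names are made up."""
    users = ["alice", "bob", "carol", "dave", "erin"]
    events = []
    for rnd in range(2):                 # two passes over every account
        for user in users:
            events.append(("203.0.113.10", user, rnd == 1 and user == "carol"))
    events += [("198.51.100.7", "alice", False)] * 6   # one account, many tries
    events += [("192.0.2.44", "bob", False), ("192.0.2.44", "bob", True)]
    return events

if __name__ == "__main__":
    for source, report in classify_sources(sample_events()).items():
        print(source, report)
```

A per-account failure counter alone flags only the second source here; counting distinct failed accounts per source is what surfaces the first, along with the one successful login that needs review.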