Practical exercises

Allikas: Lambda

Password and Brute-Force Attacks

Task 1

  • Some hints how you could identify the "secret" page (the name of the link is based on the password of Sid Jones)
Step1, on command line:
	echo {a..z}{a..z}{a..z} >> words.txt

Step2, in bash script:
	for i in $(cat words.txt)
	do
	wget "http://TARGETIP/"$i".html"
	done;

Step3, run the bash script on command line:
	./yourscript

Task 2

Use the following dictionary

Task 3

  • Firstly, locate tomcat application manager interface and get valid credentials to this manager.
  • Use root and master as usernames for all the accounts you have to guess/crack during this task
  • Use the following password list http://cma.ex/1000-passwords.txt
Pärit leheküljelt "http://lambda.ee/w/index.php?title=Practical_exercises&oldid=8470"