Shulou(Shulou.com)06/01 Report--

Next, we use the Intruder module of Burpsuite to violently crack the password.

First enter the user name admin, enter an arbitrary password, such as 123, and then intercept the packet.

The intercepted packet is "Send to Intruder", and then the variable to be cracked is set in the Position option. Burpsuite automatically sets many variables, click the "Clear" button to clear all the default variables, then select password 123 and click the "Add" button to set it to the variable that needs to be cracked.

Since there is only one variable, the "Attack type" * * type is selected here as Sniper.

Then set it in the "Payloads" option, and because there is only one variable, "Payload set" is automatically set to 1, and "Payload type" is set to "Brute forcer" here. Set the character set used for brute force cracking and the minimum and maximum password length in "Payload Options" below.

Finally, you can start brute force cracking by selecting "Intruder/Start attack" in the menu bar.

Of course, this kind of pure violence takes a long time to crack, and a better way is to use a password dictionary. Set "Payload type" to "Runtime file" in "Payload Sets", and then select the dictionary file in "Payload Options". From the prompt of "Payload count", you can see that there are 54843 passwords in this dictionary. Note that Burpsuite does not support Chinese, and the file name and path here should be in English. After the setting is complete, also select "Intruder/Start attack" to start cracking.

The length of the cracking time depends on the size of the password dictionary and the computing power of CPU. After cracking, you can find the correct password through different length.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.