Experiment 5: Brute-force cracking of weak passwords (using Burp Suite to brute-force weak passwords)
Burp Suite is an integrated penetration testing tool essential for information security practitioners. It supports automatic and semi-automatic testing and includes the Proxy, Spider, Scanner, Intruder, Repeater, Sequencer, Decoder, Comparer and other tool modules. It acts as a middleman between the browser and the web application, intercepting, modifying and replaying HTTP/HTTPS packets for testing, which makes it a necessary Swiss army knife for web security personnel.
Use Burp Suite tools to brute force weak passwords.
Experimental environment: one server (login: http://www.any.com/fwcms/admin/login.php) and one client.
Start Apache and MySQL
Check the database
Put the prepared website in the www directory
Create a new database named cms
In the browser, visit 192.168.232.130
Step 1: Enter the console of the client.
Open the browser login page, and the browser jumps to the normal login interface. The browser URL is 192.168.232.133/cms/admin/login.php
Find the [Experimental Tools] folder on the desktop, double-click to open it, and then double-click [Burp] to open Burp Suite.
Add the extension FoxyProxy to the browser and modify the network proxy.
Set the HTTP proxy to 127.0.0.1 and the port number to 8080, then click [OK] to save.
Then enter the known user name admin in the login interface of the browser, enter any password, and click "Login". Burp Suite will automatically capture the packets sent from the page to the server.
Step 2: In the captured packet view, right-click and select "Send to Intruder" to send the packet to the Intruder interface.
Step 3: Enter the Intruder interface. The settings on the Target tab do not need to be changed.
Step 4: Go to the Positions tab and select "Clear §" to remove the positions marked by default. Then select the password "123" and click "Add §" to mark it as the content to be cracked. Since only one parameter is being cracked, choose "Sniper" for "Attack type"; to crack more than one, choose "Cluster bomb".
Step 5: Go to the Payloads tab to add a data dictionary. If you are cracking multiple parameters, select "2", "3", etc. in "Payload set" to switch between them and add a data dictionary for each.
You can also add a single password to the dictionary by typing it in the field next to "Add".
Step 6: After adding the data dictionary, select "Intruder" and "Start attack" to start the attack.
Step 7: Generally, a successful login redirects to the homepage of the website, so the HTTP status code returned is generally "302". Judging from the cracking result, the password is found to be "123456" at the end of the result list.
Step 8: Turn off Burp interception or restore the browser proxy, then use "admin/123456" on the login page 192.168.232.133/cms/admin/login.php to log in successfully.
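Seen from the server, Steps 6 to 8 leave a clear trace in the Apache access log: a burst of POSTs to the login page from one client, ending in the 302 that Step 7 uses to spot the correct password. The detection script below is an added example, not part of the original lab; the log lines are constructed, and the 200 status for a failed login, the threshold and the time window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache common/combined log prefix: client IP, timestamp, request line, status
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
LOGIN_PATH = "/cms/admin/login.php"  # login URL used in this lab
THRESHOLD = 5                        # assumed: failed logins per window before alerting
WINDOW = timedelta(seconds=60)       # assumed sliding window


def detect_bruteforce(lines):
    """Return {ip: {"failures": n, "compromised": bool}} for clients over THRESHOLD."""
    recent = defaultdict(list)  # ip -> timestamps of failed logins still inside WINDOW
    alerts = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["path"].split("?")[0] != LOGIN_PATH:
            continue
        ip = m["ip"]
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        recent[ip] = [t for t in recent[ip] if ts - t <= WINDOW]
        if m["status"] == "302":
            # Redirect = successful login. Right after a burst of failures it
            # means the password was most likely guessed.
            if len(recent[ip]) >= THRESHOLD:
                alerts.setdefault(ip, {"failures": len(recent[ip]), "compromised": False})
                alerts[ip]["compromised"] = True
            recent[ip].clear()
        else:
            # Assumption: a failed login re-renders the form with a non-302 status.
            recent[ip].append(ts)
            if len(recent[ip]) >= THRESHOLD:
                entry = alerts.setdefault(ip, {"failures": 0, "compromised": False})
                entry["failures"] = max(entry["failures"], len(recent[ip]))
    return alerts


# Constructed sample: one client guessing fast, one user mistyping once.
SAMPLE = [
    f'192.168.232.1 - - [02/Jun/2021:09:40:{s:02d} +0800] "POST /cms/admin/login.php HTTP/1.1" {st} 1534'
    for s, st in [(1, 200), (1, 200), (2, 200), (2, 200), (3, 200), (3, 200), (4, 302)]
] + [
    '192.168.232.50 - - [02/Jun/2021:09:41:10 +0800] "POST /cms/admin/login.php HTTP/1.1" 200 1534',
    '192.168.232.50 - - [02/Jun/2021:09:41:25 +0800] "POST /cms/admin/login.php HTTP/1.1" 302 -',
]

if __name__ == "__main__":
    print(detect_bruteforce(SAMPLE))
```

An alert with "compromised" set to True is the case to act on first: the account's password should be reset and its sessions invalidated, and a lockout or rate limit on the login page would have stopped the burst before the dictionary reached "123456".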