Experiment 5: Brute-force cracking of weak passwords (using Burp Suite to brute-force weak passwords)

Preliminary knowledge
Burp Suite is an integrated penetration testing tool that is essential for information security practitioners. It supports automated and semi-automated testing and includes the Proxy, Spider, Scanner, Intruder, Repeater, Sequencer, Decoder, Comparer and other tool modules. It sits as a man-in-the-middle between the browser and the target application, intercepting HTTP/HTTPS traffic so that requests can be captured, modified and replayed for testing, which makes it an indispensable Swiss army knife for web security personnel.
Experimental purpose
Use Burp Suite tools to brute force weak passwords.
Experimental tool
Burp Suite
Experimental environment
One server (login: http://www.any.com/fwcms/admin/login.php), one client
Experimental steps
Install PHP

Start Apache and MySQL

Check the database

Put the written website in the www directory

Create a new database named cms

Import the table

Log in from the browser at 192.168.232.130

Step 1: Enter the console of the client.
Open the login page in the browser; the browser shows the normal login interface. The browser URL is 192.168.232.133/cms/admin/login.php

Find the [Experimental Tools] folder on the desktop, double-click to open it, and then double-click [Burp] to open Burp Suite.
Add the FoxyProxy extension to the browser and change the network proxy settings.
Set the HTTP proxy to 127.0.0.1 and the port number to 8080, then click [OK] to save.

Then enter the known user name admin in the login interface of the browser, enter any password, and click "Login". Burp Suite automatically captures the request sent from the page to the server.
The browser URL is 192.168.232.133/cms/admin/login.php

Step 2: In the view showing the captured request, right-click and select "Send to Intruder" to send the request to the Intruder interface.

Step 3: Enter the Intruder interface. The contents of the Target tab do not need to be changed.

Step 4: Go to the Positions interface and select "Clear §" to remove the positions marked for cracking by default. Then select the password "123" and click "Add §" to mark it as the content to crack. Since there is only one position to crack, choose "Sniper" for "Attack type"; to crack more than one, choose "Cluster bomb".

Step 5: Go to the Payloads interface to add a data dictionary. If you are cracking multiple parameters, select "2", "3", etc. in "Payload set" to switch between sets and add a data dictionary for each.

To add a single password to the dictionary, type it in the field after "Add".

Step 6: After adding the data dictionary, select "Intruder" and "Start attack" to start the attack.

Step 7: A successful login generally redirects to the homepage of the website, so the HTTP status code returned for the correct password is generally "302". Judging from the cracking results, the password is found to be "123456", at the end of the result list.

Step 8: Turn off Burp interception or restore the browser proxy settings, then log in at 192.168.232.133/cms/admin/login.php with "admin/123456"; the login succeeds.

The screenshot of successful login is as follows:

[Figure: screenshot of the successful login]
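
Seen from the server side, the Intruder run in Steps 6 and 7 leaves a recognizable trail in the web server's access log: a burst of POSTs to the login page from one client, ending in a 302. The following is an added example, not part of the original post, that flags this pattern. It assumes Apache common log format and the threshold values shown; the log lines and client addresses are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOGIN_PATH = "/cms/admin/login.php"  # login URL used in the lab above
WINDOW = timedelta(seconds=60)       # assumed sliding window
MAX_ATTEMPTS = 5                     # assumed per-IP limit inside the window

# Apache common/combined log format: ip - - [time] "METHOD path proto" status ...
LINE_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def parse(line):
    """Return (ip, time, method, path, status), or None for unparseable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"].split("?")[0], int(m["status"])

def detect(lines):
    """Map each IP over the limit to its peak attempt count and whether a
    302 (the success signal from Step 7) arrived while it was over the limit."""
    recent = defaultdict(list)  # ip -> login POST times still inside WINDOW
    alerts = {}
    for rec in filter(None, map(parse, lines)):
        ip, ts, method, path, status = rec
        if method != "POST" or path != LOGIN_PATH:
            continue
        times = recent[ip]
        times.append(ts)
        while ts - times[0] > WINDOW:  # drop attempts older than the window
            times.pop(0)
        if len(times) > MAX_ATTEMPTS:
            alert = alerts.setdefault(ip, {"attempts": 0, "password_found": False})
            alert["attempts"] = max(alert["attempts"], len(times))
            alert["password_found"] |= status == 302
    return alerts

def sample_line(ip, sec, status):
    """Build one constructed access-log line (not taken from a real server)."""
    return (f'{ip} - - [01/Jan/2024:09:40:{sec:02d} +0800] '
            f'"POST {LOGIN_PATH} HTTP/1.1" {status} 1532')

# Constructed sample: one client guessing passwords, one user mistyping once.
SAMPLE_LOG = ([sample_line("192.168.232.1", s, 200) for s in range(7)]
              + [sample_line("192.168.232.1", 7, 302)]
              + [sample_line("192.168.232.50", 10, 200), sample_line("192.168.232.50", 20, 302)])

if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

An alert with password_found set means the account's password should be treated as known to the client and changed; the same per-IP counter can also drive lockout or rate limiting on the login page.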