|
Munga Bunga's HTTP Brute Forcer is a utility utilizing the
HTTP protocol to brute force into any login mechanism/system
that requires a username and password, on a web page (or
HTML form).
In simple terms, if you can access an account on the web,
by entering a username and password (or more), then you can
brute force into that account, using this utility.
Brute Forcing is the process of trying various passwords
from a dictionary file (automatically), for a given
username, until the password matches the username.
This method can sometimes be very effective. When you
combine the power of brute forcing, with the functionality
of the program, then you end up with a tool which can be
used for breaking into emails, affiliate programs, web
sites, (any web based accounts), launching DoS attacks,
flood emails, flood forms, flood databases and all that your
imagination can extend too! However, you should note that
DoS attacks and flooding activity is not supported or
documented in the documentation.
The utility only supports Brute Forcing (documentation
wise). It can be used for other purposes, if you know how to
write the definitions to drive those forces.
Definition Files are files ending in the .def extension,
and contain information about a particular server, and the
data to submit to it. Definition files are typically written
by users. They are used to extend the power and capability
of the program, based on your own definitions. However, the
software comes bundled with some definition files.
What does this software do?
For those of you who thought Hotmail and Yahoo were
unhackable, think again!
It's a Brute Forcer, which uses the HTTP protocol to
establish its connections. In English, this means the
program tries various passwords for a given username (called
brute forcing) and verifies whether those passwords are
correct for the given username within the HTTP protocol
(meaning, via web page connections).
You can hack into any form you see on the Internet, this
means any web based email account like Hotmail, Yahoo,
Excite etc… or even affiliate accounts like AllAdvantage,
GoToWorld, LinkExchange, or even actual Web Sites and many
more. Basically, any thing that can be entered via a HTML
form with a password and username, you would be able to
brute force into with my program. The sky is the limit, it
can even be used as a DoS (Denial of Service) program but I
do not encourage such behavior and shall not be held
responsible for your illegal doings.
Ok, so how do I use this thing?
Basically, you must have a password file in order for the
program to attempt, and try to enter the account(s), with
the specified passwords. I included the pass.lst file for a
small password list sample. Typically you would want a
larger password files if the pass.lst doesn't work for you.
More passwords files can be located at The Hackology Network
or directly at
http://packetstorm.securify.com/Crackers/wordlists/.
In addition, you must have a definition file for the form
you want to crack into. Now I have written definition files
for some forms, like the hotmail login form and some others.
However, if you need to crack into another server/form, then
you would need to write your own definition file. Writing
definition files are explained later in this document.
Some Unique Features
A listing of some unique and nice features of this utility.
Multi-threaded support, up to 10 threads at once can be
run. Making the speeds very fast across some servers.
Hack while you sleep. If you disconnect from the internet,
it automatically reconnects and resumes its processes.
Definitions files. Making the software customisable and
powerful.
Many more, in the Manual.
Hyperlink
Homepage: http://www.hackology.com/ |