Mastering Kali Linux for Web Penetration Testing by Michael McPhee

Refining a brute's vocabulary

Many of the attacks we've seen above attempt to hijack sessions, trick users into establishing sessions on their behalf, or otherwise exploit the application's inability to enforce rules around those sessions. Eventually, we're going to find a case where we need to address the elephant in the room and just guess the password. There is a plethora of tools that can attempt this very fundamental task, but, in general, they approach it the same way: iterating through wordlists generated by full brute-force engines (crunch, for instance), by refined wordlists and syllable engines (John the Ripper, THC-Hydra, and so on), or even by using prehashed solutions (rainbow tables and the like).

For Web applications, ...
