Go Back   Xisp.org Forums > Porn Password Cracking > Porn Password Cracking Help Section

problme with form@

Reply
Views: 406 - Replies: 4  
Thread Tools Display Modes

problme with form@
Old 08-12-2005, 06:29 AM   #1
joechang
Guest
 
Posts: n/a
Threads: 5107
Default problme with form@

when strart cracking the form login
i found it was quick slow to get the response from the site and then confirm the passes.
Is this my ADSL problem? i have 2M adsl, if i use 10000 combo list, it will all most take one day to complete, i normally use 5 proxy, is that enough?
  Reply With Quote

Old 08-15-2005, 02:16 AM   #2
High|ander
TheURLcrusheR
 
High|ander's Avatar
 
High|ander is offline Offline
Join Date: Jan 2005
Location: Russia
Posts: 4,162
Threads: 106
High|ander will become famous soon enough
Default

And you 5 proxy not fast dead?
__________________
"There can be only one"
"May The Schwartz
Be With You"
  Reply With Quote

Old 08-15-2005, 08:40 AM   #3
slysnake
Cheshire Cat
 
slysnake's Avatar
 
slysnake is offline Offline
Join Date: Jan 2005
Posts: 5,507
Threads: 315
slysnake is on a distinguished road
Default

Forms take longer. Must read the data. have patients
__________________
"How do you know I'm mad?" said Alice.
"You must be," said the Cat, "or you wouldn't have come here."
  Reply With Quote

Old 08-16-2005, 08:55 AM   #4
joechang
Guest
 
Posts: n/a
Threads: 5107
Default

i see,

is that means if it reads the receiving data very slow because of the speed of internet or the computer options or conditions???


and normally how many proxy do i need to run form@ if i have 10000 wordlist
  Reply With Quote

Old 08-16-2005, 09:42 AM   #5
Sigma
Resident knowledge wikipedia
 
Sigma is offline Offline
Join Date: Aug 2005
Location: Massachusetts, USA
Posts: 278
Threads: 2
Sigma is on a distinguished road
Default

Lots of variables, but the main issues are:

- The client (you) sends a POST with whatever data neccessary to the site
- Site parses your posted data and sends a response page
- Client parses response page for keywords to figure out if it's a hit

Now, compare this to a typical bruteforce against basic authentication:

- Client sends a HEAD with u:p in it
- Site sends back response code (401 for miss, 200 for hit, and so on)

Note that there's an extra step, plus the processing time to deal with the request on the server side - dealing with variables is simply more expensive from a processing perspective. Now, add a proxy in the middle of this and you start to see why things take longer. If you try to really beat on a site that uses forms, you're going to have an impact on the performance of that site, and it will likely be noticed.

Now, another problem - form-based sites oftentimes use more rigorous security to deal with crackers. The login page may mainstain a state table to tell the server that it's getting lots of bogus requests, and to start issuing 403s.

Your last question is hard to answer. The obvious answer is as many as possible. And again - see my advise everywhere else - run slowly, rotate every try, and your proxies will last a lot longer. Remember that when you kill a proxy against a site, you kill it for everyone else as well.
  Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump



All times are GMT -4. The time now is 12:54 PM.


vBulletin skin developed by: Xisp.org Crew
Powered by vBulletin®
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.
2005 Copyright Xisp.org