Day 75 comes with a write-up source related to Zendesk takeover and a good Default HTTP hunter :)
Some HTTP Login Brute Forcing
From Sam (CoffeeJunkie). An old-school approach that seemed amazing was using hydra or medusa to brute force different kinds of services, whether HTTP, FTP, SSH or SMB. Nowadays, while practicing some web app testing, there are plenty of login pages that make me curious about where brute forcing could go. Several tools can do login brute forcing, one of them being BurpSuite, but in this case there is a tool that makes HTTP login brute forcing easier.
Default HTTP Login Hunter checks more than 380 different web interfaces for default credentials. These are some of the web interfaces that it supports:
- Network devices (3Com, Asus, Cisco, D-Link, F5, Nortel..)
- Video cameras (AXIS, GeoVision, Hikvision, Sanyo..)
- Application servers (Apache Tomcat, JBoss EAP..)
- Monitoring software (Cacti, Nagios, OpenNMS..)
- Server management (Dell iDRAC, HP iLO..)
- Web servers (WebLogic, WebSphere..)
- Printers (Kyocera, Sharp, Xerox..)
- IP Phones (Cisco, Polycom..)
- Citrix, NAS4Free, ManageEngine, VMware..
This tool can be found here
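On the defending side, a default-credential check across many interfaces leaves a different trace than a classic brute force against one login page: a few failures on many hosts rather than many failures on one. The following detection sketch is an added example, not part of the original post or of the tool; the log format, hostnames, addresses and thresholds are constructed, and it assumes failed logins surface as HTTP 401/403 at a reverse proxy.

```python
import re
from collections import defaultdict

# Constructed sample, one line per request: "<vhost> <client_ip> <method> <path> <status>"
SAMPLE_LOG = (
    "tomcat.lab.example 10.0.0.5 GET /manager/html 401\n"
    "nagios.lab.example 10.0.0.5 GET /nagios/ 401\n"
    "idrac.lab.example 10.0.0.5 POST /login 401\n"
    "printer.lab.example 10.0.0.5 GET /admin 401\n"
    + "tomcat.lab.example 10.0.0.9 GET /manager/html 401\n" * 6
    + "nagios.lab.example 10.0.0.20 GET /nagios/ 401\n"
    "nagios.lab.example 10.0.0.20 GET /nagios/ 200\n"
)

LINE_RE = re.compile(r"^(\S+) (\S+) (GET|POST) (\S+) (\d{3})$")
FAILED = {"401", "403"}  # assumption: form logins answering 200/302 need app logs instead


def classify_sources(log_text, sweep_hosts=3, brute_attempts=5):
    """Map client IP -> 'sweep' or 'brute-force' based on failed auth responses.

    sweep:       failures spread over >= sweep_hosts distinct interfaces
    brute-force: >= brute_attempts failures against a single interface
    """
    failures = defaultdict(lambda: defaultdict(int))  # ip -> vhost -> failure count
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines
        vhost, ip, _method, _path, status = m.groups()
        if status in FAILED:
            failures[ip][vhost] += 1

    verdicts = {}
    for ip, per_host in failures.items():
        if len(per_host) >= sweep_hosts:
            verdicts[ip] = "sweep"
        elif max(per_host.values()) >= brute_attempts:
            verdicts[ip] = "brute-force"
    return verdicts


if __name__ == "__main__":
    for ip, verdict in sorted(classify_sources(SAMPLE_LOG).items()):
        print(ip, verdict)
```

A single mistyped password (10.0.0.20 in the sample) stays below both thresholds and is not flagged.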
That’s it for today, happy taco Tuesday.