Dictionary attack
Testing all possible passwords begins with the words that are most likely to be used as passwords, such as names and places. The method is the same as the one we used for injections.
We can read each password from a dictionary file and try it in the application as follows:
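    with open('password-dictionary.txt') as f:
        for line in f:
            # Drop the trailing newline that comes with each line of the file
            password = line.rstrip('\r\n')
            try:
                # Use the password to try login (this step should raise on failure)
                print("[+] Password Found: %s" % password)
                break
            except Exception:
                print("[!] Password Incorrect: %s" % password)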
Here we read the dictionary file and try each password in our script. When a specific password works, the script prints it to the console.
Tip
You can download the complete set of fuzz database lists here: https://github.com/fuzzdb-project/fuzzdb.
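From the defending side, the loop above shows up in authentication logs as a burst of failed logins for one account from one source. The following is an added example, not code from the original text: a sliding-window detector run over constructed log lines, where the log format, field names, threshold and window are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (format assumed): time, account, source, result
SAMPLE_LOG = """\
2024-05-01T10:00:00 user=alice src=198.51.100.7 result=fail
2024-05-01T10:00:02 user=alice src=198.51.100.7 result=fail
2024-05-01T10:00:04 user=alice src=198.51.100.7 result=fail
2024-05-01T10:00:05 user=bob src=192.0.2.10 result=fail
2024-05-01T10:00:06 user=alice src=198.51.100.7 result=fail
2024-05-01T10:00:08 user=alice src=198.51.100.7 result=fail
2024-05-01T10:00:10 user=alice src=198.51.100.7 result=ok
2024-05-01T10:00:20 user=bob src=192.0.2.10 result=ok
"""

def parse(line):
    """Split one log line into (timestamp, user, src, result)."""
    stamp, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(stamp), kv["user"], kv["src"], kv["result"]

def detect_dictionary_attacks(lines, threshold=5, window=timedelta(seconds=60)):
    """Alert on (src, user) pairs with >= threshold failures inside the window."""
    recent = defaultdict(deque)  # (src, user) -> timestamps of recent failures
    alerts = {}
    for line in lines:
        if not line.strip():
            continue
        ts, user, src, result = parse(line)
        key = (src, user)
        if result != "fail":
            # A success after an alerted burst means a guess may have worked
            if key in alerts:
                alerts[key]["succeeded_after"] = True
            recent[key].clear()
            continue
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # discard failures older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts.setdefault(key, {"first_alert": ts, "succeeded_after": False})
    return alerts

if __name__ == "__main__":
    for (src, user), info in detect_dictionary_attacks(SAMPLE_LOG.splitlines()).items():
        print("[!] %s -> %s: %s" % (src, user, info))
```

A single mistyped password followed by a success, as in the constructed `bob` lines, stays below the threshold, while an alert with `succeeded_after` set is the case to triage first.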