Cracking HTTP passwords
In this recipe, we will crack HTTP passwords using the THC-Hydra password cracker (Hydra). Access to websites and web applications are generally controlled by username and password combinations. As with any other password type, users typically type in weak passwords.
Getting ready
A connection to the Internet or intranet and a computer that we can use as our victim are required to complete this recipe.
How to do it...
Let's begin the process of cracking HTTP passwords.
From the Start menu, select Applications | Kali Linux | Password Attacks | Online Attacks | hydra-gtk.
Now that we have Hydra started, we will need to set our word lists. Click on the Passwords tab. We will use a username list and a password list. Enter the location of your username and password lists. Also select Loop around users and Try empty password.
Username List:
/usr/share/wfuzz/wordlist/fuzzdb/wordlists-user-passwd/names/nameslist.txtPassword List:
/usr/share/wfuzz/wordlist/fuzzdb/wordlists-user...
