Tools: Burp Suite
1. Low level
Set up a proxy, intercept the login request in Burp, and send it to Intruder for brute forcing.
Add the password parameter as the payload position and choose the Sniper attack mode.
Set the payload to a prepared dictionary and start the attack.
From the length of the response content, the password obtained is password.
2. Medium level
The medium level only filters the password to prevent SQL injection, so brute forcing continues as before.
The password obtained is password.
3. High level
A verification token is added. It is used to prevent CSRF attacks, but it also makes brute forcing more difficult.
This can be scripted: extract user_token each time, splice it into the parameters, and run the attack. I still used Burp Suite to extract it from the response content during the attack.
Here I kept the default username admin, set two payload positions, password and user_token, and selected the Pitchfork attack mode.
Select the location in the response content so that the grep expression is generated automatically, and copy this user_token as the initial token. The picture I have below is wrong.
The dictionary for the first payload position needs no explanation.
For the dictionary of the second payload position, choose the recursive payload type.
The password obtained is password.
4. Summary
According to the impossible level source, the defensive measure is to add a check on the number of failed logins; after the limit is reached several times, logins are restricted for a period of time.
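
The failed-login check described in the summary, as an added example (not DVWA's source and not code from the original post). The class name, the limit of 3 failures, the 900-second lockout and the sample credential store are assumptions; the clock is injectable so the lockout can be exercised without waiting.

```python
import hmac
import time


class LoginThrottle:
    """Per-account failed-login counter with a timed lockout."""

    def __init__(self, max_failures=3, lockout_seconds=900, clock=time.monotonic):
        # max_failures and lockout_seconds are assumed values, not from the page.
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.clock = clock
        self._state = {}  # username -> (failure_count, time_of_last_failure)

    def is_locked(self, username):
        count, last = self._state.get(username, (0, 0.0))
        if count < self.max_failures:
            return False
        if self.clock() - last >= self.lockout_seconds:
            del self._state[username]  # lockout window has passed
            return False
        return True

    def attempt(self, username, password, verify):
        """Return True only for a correct password on an unlocked account."""
        if self.is_locked(username):
            # The password is never evaluated while locked, so a dictionary
            # run cannot tell a correct guess from a wrong one.
            return False
        if verify(username, password):
            self._state.pop(username, None)  # success resets the counter
            return True
        count, _ = self._state.get(username, (0, 0.0))
        self._state[username] = (count + 1, self.clock())
        return False


def demo():
    """Run a constructed guess list against a constructed account."""
    now = [0.0]  # fake clock, advanced by hand
    throttle = LoginThrottle(clock=lambda: now[0])
    users = {"admin": "password"}  # constructed store; plaintext only for brevity
    verify = lambda u, p: hmac.compare_digest(users.get(u, ""), p)
    guesses = ["123456", "letmein", "qwerty", "password"]
    results = [throttle.attempt("admin", g, verify) for g in guesses]
    now[0] += 900  # lockout period elapses
    results.append(throttle.attempt("admin", "password", verify))
    return results
```

The fourth guess is the correct password but is still rejected because the account is already locked; the same password succeeds only after the lockout period has elapsed.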