forked from forced-request/wXf
-
Notifications
You must be signed in to change notification settings - Fork 0
auxiliary enum phpmyadmin auth_bruteforce
nanoCoder edited this page Dec 14, 2011
·
3 revisions
forced-request
This is a brute force authentication module for phpmyadmin.
DIR phpmyadmin true Directory in which phpmyadmin resides
PASSLIST true Location of password list
PROXYA false Proxy IP Address
PROXYP false Proxy Port Number
RURL http://www.example.com/test.php true Target address
THROTTLE 0 false Specify a number, after x requests we pause
USERNAME root true Username to enumerate
VERBOSE false Show verbose output?
DIR -- Provide Directory in which the phpmyadmin resides.
PASSLIST -- Provide path to password file for brute force.
RURL -- Provide Remote URL (RURL) which hosts the phpmyadmin website.
USERNAME -- Provide Username if enumerated.
We'd like to brute force authentication on of a website running phpmyadmin. The remote RURL is http://websiterunningphpmyadmin.com/. The commands are:
set DIR /phpmyadmin
set PASSLIST /pentest/passwords/john/password.lst
set RURL http://websiterunningphpmyadmin.com/
set USERNAME admin
run