Ok, I'm getting tired of seeing "How do I hack into a secure site". First off, the majority of "secure" sites use .htaccess for their authentication. In otherwords, if you see a little box pop up that says "password" and "username" chances are it's .htaccess and .htpasswd that are blocking your way.
Now, how .htaccess looks is as follows:
AuthUserFile /var/www/html/members/.htpasswd
AuthName Paid Member
AuthType Basic
<Limit GET POST>
require valid-user
</Limit>
See that, pretty basic 'eh? And I'll bet you that the majority of 'em look the same way too...
Now, the .htpasswd file looks totally differant, the passwords are encrypted, the username is not...
gizmo:gikZbrq7ZFQJ.
gizzy:gieKOUmNNB7go
giz:giL8X53UiINbs
neo:nenIgi4UdbW.M
weeve:we7dyaNzlm.Ag
newbies:neZgxh60ynKGU
See, the thing is, you don't need either of the two files to bruit force a thing... Their just given here as an example of how things work (when you learn, thats how you learn, otherwise you get left behind).
Now, theirs really only a couple of things you need...
1. A couple of proxy servers (if you want to remain anonymous)...
2. A bruit force program (We recommend
www.accessdiver.com for all of your Bruit Force needs)...
3. A members URL which uses .htaccess (for example:
http://www.yourvictem.com/members/ )
4. A wordlist (you're on your own there, my wordlist is my baby).
Basically, in AD you load your wordlist, load your proxys, drop in your URL, click standard. After many hours of grueling work, if you have a good wordlist, you'll have a user/pass...
