CRACKING HTTP DIGEST AUTHENTICATION WITH HYDRA
- Layout for this exercise:
- Creating a list for users:
- Creating a list for passwords, 5 characters with the limited charset of "ab":
- Launching Hydra, and passing as parameters the lists of users and passwords:
- A successful password has been found. Checking the credentials, the web resource is available:
- Note: in this exercise a very simple combination of username:password has been used, because the purpose was just to illustrate the usage of the attacking tools. However, in real world there are available complex lists of combinations of username:password that can be used for performing dictionary and brute force attacks. The Kali command #locate wordlists provides many available wordlists, for instance into the folder /usr/share/wordlists
