Attack Method
The brutemap tool provides several attack methods that make it easy to check accounts or test forms.
The Twin Method tests passwords based on the current username index. Its purpose is to simplify checking accounts.
For example, I have 2 usernames:
| Usernames |
|---|
| admin |
| root |
And, 1 password:
| Passwords |
|---|
| default |
The result looks like this:
=> admin : default
The root username will not be tested, because it has no partner password.
Use the option --twin to activate this method.
The SQL Injection Bypass Authentication method tests the page form with SQL injection payloads; for more information see here.
Use the option (-sB or --sqli-bypass) to activate this method.
This method is the same as the SQL Injection Bypass Authentication method, but it inserts the SQL injection payloads into the username.
For example, I have 2 usernames:
| Usernames |
|---|
| admin |
| root |
And, 2 payloads:
| Payloads |
|---|
| ') or true-- |
| ')) or 1-- |
The result looks like this:
=> admin') or true-- : ...
=> admin')) or 1-- : ...
Use the option (-sP or --sqli-payloads) to activate this method.
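For anyone testing their own login form against the username payloads above, the following added example (not part of brutemap or this wiki) shows why a string-concatenated login query accepts `admin') or true--` while a parameterized one rejects it. The table layout, the function names and the sample account are assumptions made for the demonstration.

```python
import sqlite3

# Constructed sample data: one account in an in-memory database.
# Passwords are stored in plain text only to keep the demo short.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'S3cret!')")
    return db

def login_concat(db, username, password):
    """Vulnerable form: user input is pasted into the SQL text."""
    sql = ("SELECT username FROM users "
           "WHERE (username='%s') AND (password='%s')" % (username, password))
    try:
        return db.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False  # malformed SQL counts as a failed login

def login_param(db, username, password):
    """Hardened form: placeholders keep input as data, never as SQL."""
    sql = "SELECT username FROM users WHERE (username=?) AND (password=?)"
    return db.execute(sql, (username, password)).fetchone() is not None

def run_checks():
    """Try each username payload from the page against both login forms."""
    db = make_db()
    payloads = ["') or true--", "')) or 1--"]  # the two payloads listed above
    results = {}
    for p in payloads:
        user = "admin" + p
        results[user] = (login_concat(db, user, "x"),
                         login_param(db, user, "x"))
    return results

if __name__ == "__main__":
    for user, (concat_ok, param_ok) in run_checks().items():
        print(f"{user!r}: concatenated={concat_ok} parameterized={param_ok}")
```

The second payload fails even against the concatenated query because its parentheses do not match this query's shape. With bound parameters the query shape no longer matters: every payload is compared as a literal username.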