Carnivore - Predator
Formerly known as THC HackSuite, Carnivore - Predator stands at the forefront of cutting-edge cybersecurity tools, redefining the landscape of penetration testing with unparalleled innovation. Designed to empower ethical hackers, security professionals, and enthusiasts alike, Carnivore - Predator is the ultimate Pentest CMS that puts you in command.
current version: 0.7.0 - PREDATOR
home > documentation > modules > How to use HTTPAuth
This article explains how to effectively make use of HTTPAuth.
author: Remco Kouw
created: 01-May-2024
updated: 01-May-2024

HTTPAuth Introduction

This documentation provides an overview of the HTTPAuth (thc_ht) module functionality.

The HTTPAuth module is designed to attack Basic HTTP Authentication scripts using dictionary attacks to gain access.

Interface Parameters:

  1. Attack URL: The location of the HTTP authentication.
  2. Username: The username associated with the account.
  3. Wordlist: Dropdown menu containing wordlists from the Wordlists folder.

ModGlue Variables:

  1. $_CONTEXT['thc_ht']['log']: (string) Absolute path to the log file located in the module's root folder.
  2. $_CONTEXT['thc_ht']['username']: (string) Username to attack.
  3. $_CONTEXT['thc_ht']['scanurl']: (string) URL path to the authentication script.
  4. $_CONTEXT['thc_ht']['wordlist']: (string) Filename of the wordlist.
  5. $_CONTEXT['thc_ht']['urlparts']['host']: (string) Host part of the parsed URL function.
  6. $_CONTEXT['thc_ht']['urlparts']['scheme']: (string) Scheme part of the parsed URL function.
  7. $_CONTEXT['thc_ht']['urlparts']['path']: (string) Path part of the parsed URL function.
  8. $_CONTEXT['thc_ht']['wordlistlocation']: (string) Absolute path to the wordlist file located in the Wordlists folder.
  9. $_CONTEXT['thc_ht']['wordlistdata']: (array) Passwords from the selected wordlist.
  10. $_CONTEXT['thc_ht']['wordscount']: (int) Number of passwords in the wordlist.
  11. $_CONTEXT['thc_ht']['keys']: (array) Data from the log file (only applies to the Dump Log case).
  12. $_CONTEXT['thc_ht']['found']: (boolean) Status of the brute-force process (true if the password was found, false otherwise).
  13. $_CONTEXT['thc_ht']['request']: (string) Request string for HTTP authentication.
  14. $_CONTEXT['thc_ht']['attempts']: (int) Total number of attempts.
  15. $_CONTEXT['thc_ht']['connect']: (resource) cURL connection resource.
  16. $_CONTEXT['thc_ht']['password']: (string) Password string.
  17. $_CONTEXT['thc_ht']['response']: (string) Response from the authentication script after sending credentials.
  18. $_CONTEXT['thc_ht']['totaltime']: (int) Total execution time for the script.

Resource Settings:

  • Time Limit: PHP default.
  • Memory Limit: PHP default.

Expanding HTTPAuth:

N/A

Dependencies:

cURL

Known Issues:

This module uses dictionary attacks for brute-forcing, which can be resource-intensive. If you encounter time limit or memory issues, consider adjusting the module's settings.

How to use THC Database Brute || How to use THC xSNMP
similar content
How to use AntiFTPHow to use THC AntiHashHow to use AntiLoginHow to use AntiMailHow to use AntiZipHow to use THC Database BruteHow to use THC xSNMPHow to use THC xSSH
Created by Remco Kouw: 2008-2024