Carnivore - Predator
Formerly known as THC HackSuite, Carnivore - Predator stands at the forefront of cutting-edge cybersecurity tools, redefining the landscape of penetration testing with unparalleled innovation. Designed to empower ethical hackers, security professionals, and enthusiasts alike, Carnivore - Predator is the ultimate Pentest CMS that puts you in command.
current version: 0.7.0 - PREDATOR
home > documentation > modules > How to use AntiLogin
This article explains how to effectively make use of AntiLogin.
author: Remco Kouw
created: 27-Apr-2024
updated: 27-Apr-2024

Introduction to AntiLogin

This documentation explains the functionality of the THC AntiLogin (thc_al) module.

AntiLogin is one of the most powerful modules in Carnivore, designed for easy configuration of attacks. It is fully compatible with ModGlue and Shodown, enabling attacks on locations gathered by those modules.

Interface Parameters:

  1. Wordlist: Enter passwords manually or select a wordlist.
  2. User: Variable name of the username field. For example, Carnivore might determine it as user.
  3. Username: Account name of the user you wish to attack.
  4. Fail Text: Text indicating a failed login attempt.
  5. Escape Text: Text indicating that further attempts are futile, e.g., server down or user blocked.
  6. Success Text: Text displayed upon a successful login.

ModGlue Variables:

  1. $_CONTEXT['thc_al']['datafile']: (string) Absolute path to the log file where successful logins are stored.
  2. $_CONTEXT['thc_al']['wordlist']: (string) Absolute path to the wordlist file located in the Wordlists folder.
  3. $_CONTEXT['thc_al']['passwords']: (array) Passwords used for the attack.
  4. $_CONTEXT['thc_al']['post_attack']['fields']: (array) Key-value pairs of the form variables.
  5. $_CONTEXT['thc_al']['post_attack']['username_field']: (string) Variable name of the username field.
  6. $_CONTEXT['thc_al']['post_attack']['host']: (string) Host field.
  7. $_CONTEXT['thc_al']['post_attack']['ignore']: (array) Variable names specified by the user to ignore.
  8. $_CONTEXT['thc_al']['post_attack']['password_field']: (string) Variable name of the password field.
  9. $_CONTEXT['thc_al']['post_attack']['fields2']: (array) All key-value pairs required for the attack.
  10. $_CONTEXT['thc_al']['post_attack']['components']['host']: (string) Host part of the specified URL.
  11. $_CONTEXT['thc_al']['post_attack']['components']['path']: (string) Path part of the specified URL.
  12. $_CONTEXT['thc_al']['templatedcontent']: (string) PHP template containing properties of a successful attack.
  13. $_CONTEXT['thc_al']['password']: (string) Current password.
  14. $_CONTEXT['thc_al']['attackmethod']: (string) _POST or _GET.
  15. $_CONTEXT['thc_al']['attackquery']: (string) Raw attack query.
  16. $_CONTEXT['thc_al']['curl']: (resource) CURL connection.
  17. $_CONTEXT['thc_al']['pagesource']: (string) Server response after sending the request.
  18. $_CONTEXT['thc_al']['error']: (string) Error message.
  19. $_CONTEXT['thc_al']['errornumber']: (int) Error number.
  20. $_CONTEXT['thc_al']['socket']: (resource) Socket connection.
  21. $_CONTEXT['thc_al']['httpheaders']: (string) HTTP headers for sending socket requests to the web server.

Resource Settings:

  • Time Limit: PHP default.
  • Memory Limit: PHP default.

Expanding AntiLogin:

N/A

Dependencies:

CURL or Sockets (fallback)

Known Issues:

This is a dictionary attack brute-force module, which can demand significant memory resources. If you encounter time limit or memory issues, consider adjusting the module's settings.

How to use THC AntiHash || How to use AntiMail
similar content
How to use AntiFTPHow to use THC AntiHashHow to use AntiMailHow to use AntiZipHow to use THC Database BruteHow to use HTTPAuthHow to use THC xSNMPHow to use THC xSSH
Created by Remco Kouw: 2008-2024