The “credential stuffing” attack technique has become a very popular way to brute-force user accounts through web applications’ login pages. Instead of trying to guess a certain user’s password from a generated word list (a.k.a. a “dictionary”), attackers “reuse” credentials leaked from other websites. The attack exploits the fact that people usually use the same user name and password on many different websites. These attacks are executed using special tools tailored for this scenario, which the hackers call “Combo Checkers”, such as “Sentry MBA”.

Figure 1: “Sentry MBA” Combo Checker Tool

Although the tool is not new, the popularity of “Sentry MBA” amongst hackers is growing due to its high flexibility. Many of the “checkers” out there are developed to attack a certain website, while “Sentry MBA” is based on a configuration file that can be adapted to attack any website.
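The difference between dictionary guessing and credential reuse shows up in login logs, and the following added example (not part of the original article) classifies sources by that shape. The event format, the function name `classify_sources`, the per-source-IP grouping and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample login events: (source_ip, username, success).
SAMPLE_EVENTS = (
    # One source trying many different accounts once each (leaked pairs).
    [("203.0.113.10", f"user{i}@example.com", i == 3) for i in range(8)]
    # One source trying many passwords against a single account.
    + [("198.51.100.7", "admin", False) for _ in range(8)]
    # An ordinary user who mistyped a password once.
    + [("192.0.2.55", "alice", False), ("192.0.2.55", "alice", True)]
)


def classify_sources(events, min_attempts=5, ratio=0.8, min_fail_rate=0.5):
    """Label each source IP by the shape of its login attempts.

    credential-stuffing: almost every attempt targets a different username.
    dictionary:          almost every attempt targets the same username.
    Thresholds are illustrative assumptions, not tuned values.
    """
    attempts = defaultdict(lambda: defaultdict(int))  # ip -> username -> count
    failures = defaultdict(int)                       # ip -> failed attempts
    for ip, user, ok in events:
        attempts[ip][user] += 1
        if not ok:
            failures[ip] += 1

    labels = {}
    for ip, users in attempts.items():
        total = sum(users.values())
        if total < min_attempts or failures[ip] / total < min_fail_rate:
            labels[ip] = "normal"
        elif len(users) / total >= ratio:
            labels[ip] = "credential-stuffing"
        elif max(users.values()) / total >= ratio:
            labels[ip] = "dictionary"
        else:
            labels[ip] = "suspicious"
    return labels


if __name__ == "__main__":
    for ip, label in sorted(classify_sources(SAMPLE_EVENTS).items()):
        print(f"{ip:15} {label}")
```

Note that the stuffing source in the sample has one successful login among its failures: a reused pair that worked, which is the account a defender would force through a password reset.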