Re: Bruteforce HTTP Basic authentification

From: Chris Kuethe (chris.kuethe_at_gmail.com)
Date: 08/19/05

    Date: Fri, 19 Aug 2005 12:16:02 -0600
    To: Pen Test <pen-test@securityfocus.com>
    
    

    On 8/19/05, someone asked me:
    > Where could I find a frequency analyzer? Is that something you custom
    > wrote?

    It's another little custom bit of Perl. Again, this is dead easy in a
    couple of screens of Perl. Roughly like this:

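    foreach $word (<>) {
        chomp($word);    # drop the newline so it is not counted as a letter
        $n = 0;          # position within the current word
        foreach $c (split(//, $word)) {
            # count character $c at position $n
            $freq{$n}->{$c}++;
            $n++;
        }
    }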

    and then print the resulting hash through whatever method you choose
    (use perl's built-in sort, or offload it to /usr/bin/sort...)

    > -----Original Message-----
    >
    > From: Chris Kuethe [mailto:chris.kuethe@gmail.com]
    > Sent: Thursday, August 18, 2005 4:06 PM
    > To: Serg Belokamen; Pen Test
    > Subject: Re: Bruteforce HTTP Basic authentification
    >
    > By optimized alphabet, I mean sort the letters to be tried by order of
    > frequency in your probable target language. You could try AAAAAAAA,
    > AAAAAAAB, AAAAAAAC, ... but there's a reason why they give you "RSTLNE"
    > for free on Wheel of Fortune.
    >
    > The last big brute force I did, I took the standard unix dictionaries,
    > plus the text of a bunch of ebooks I had on my laptop and came up with
    > frequency distributions for the first through fourth letters of the
    > average English word. As I was targeting a system where most of the
    > users were native English speakers, I figured this was a safe assumption
    > to make. It took some minutes for my frequency counter to run, but when
    > I was finished, I had a set of alphabets that made it a lot more
    > effective to search for dictionary words, their leetspeak variants, and
    > finally alphanumeric keyboard smashing...
    >
    > CK
    >
    > On 8/17/05, Serg Belokamen <serg.belokamen@gmail.com> wrote:
    > > What do you mean by "optimised alphabet" ... any URLs etc?
    > >
    > > Cheers,
    > > Serg
    > >
    > > On 18/08/05, Chris Kuethe <chris.kuethe@gmail.com> wrote:
    > > > On 8/17/05, nik <nik@adminzone.ru> wrote:
    > > > > Hello list!
    > > > > I'm doing a little pen-test of a web-application for a small
    > > > > company.
    > > > > This application uses HTTP Basic authentication. So the question
    > > > > is:
    > > > > does anyone know some tools (such as brutus) to bruteforce
    > > > > usernames and passwords for this type of authentication. These
    > > > > tools must run under Linux or FreeBSD.
    > > >
    > > > The LWP perl module will do quite nicely. Combine that with an
    > > > optimized alphabet or 4, and you can have a very effective brute
    > > > forcer in a couple of screenfuls of code. Optimizing your alphabet
    > > > can be very effective, taking the time to crack a password down from
    > > > hours to minutes or even seconds if you have a good idea about the
    > > > letter distribution. ;)
    > > >
    > > > CK

    -- 
    GDB has a 'break' feature; why doesn't it have 'fix' too?
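
As an added illustration (not code from the original post), this Perl script uses the same per-position letter counts for a password audit: it estimates how early a candidate password would be reached by a frequency-ordered search compared with plain alphabetical order. The corpus, the sample passwords and the function names are constructed for the example, and it assumes fixed-length, lowercase a-z passwords.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample corpus (an assumption); a real audit would load a large
# word list in the users' language.
my @corpus = qw(password letmein welcome monkey dragon master secret summer);

# Count how often each letter occurs at each position, as in the post's snippet.
sub build_freq {
    my %freq;
    for my $word (@_) {
        my $n = 0;
        $freq{$n++}{$_}++ for split //, lc $word;
    }
    return \%freq;
}

# a-z for position $n, most frequent letter first; ties and letters never
# seen at that position fall back to alphabetical order.
sub alphabet_for {
    my ($freq, $n) = @_;
    my $f = $freq->{$n} || {};
    return sort { ($f->{$b} // 0) <=> ($f->{$a} // 0) or $a cmp $b } 'a' .. 'z';
}

# Index of $pw in a fixed-length odometer search (last character varies
# fastest) where position $i is tried in the order returned by $order->($i).
# Returns undef if $pw contains a character outside a-z.
sub guess_index {
    my ($pw, $order) = @_;
    my @chars = split //, lc $pw;
    my $index = 0;
    for my $i (0 .. $#chars) {
        my @alpha = $order->($i);
        my ($rank) = grep { $alpha[$_] eq $chars[$i] } 0 .. $#alpha;
        return unless defined $rank;
        $index = $index * 26 + $rank;
    }
    return $index;
}

my $freq = build_freq(@corpus);
for my $pw (qw(summer mellow qzxvkj)) {
    my $plain = guess_index($pw, sub { 'a' .. 'z' });
    my $tuned = guess_index($pw, sub { alphabet_for($freq, $_[0]) });
    printf "%-8s alphabetical: %12d  frequency-ordered: %12d\n", $pw, $plain, $tuned;
}
```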