beautyfarm - THE BEST DESIGN
DOWNLOAD MY MUSIK,participa la concursuri,soft-uri,cool stuff,NIKON CLUB,Baruri Trendy,ScreenSavers,Accesorii Cool,Masini sexy,Bannere,Games,Aparitii Cinematografice,Tribal Farm...etc distreaza-te!Totul pentru TINE.Cele mai tari subiecte.
|
Lista Forumurilor Pe Tematici
|
beautyfarm - THE BEST DESIGN | Inregistrare | Login
POZE BEAUTYFARM - THE BEST DESIGN
Nu sunteti logat.
|
Nou pe simpatie:
ij12
 | Femeie
24 ani
Prahova
cauta Barbat
25 - 53 ani |
|
|
G-ride
Electrik Buzzz
Inregistrat: acum 16 ani
Postari: 35
|
|
.........................to 216.25.200.135.
220 WIN2KSERVER Microsoft FTP Service (Version 5.0).
User (216.25.200.135 none)): anonymous
331 Password required for anonymous.
Password:
530 User anonymous cannot log in.
Login failed.
ftp> quit
221 Fuck off!
It seems that anonymous ftp isn’t enabled, and not only that the server is quite rude when I leave. The server did give some confirmation that it is running Windows NT, or in this case Windows 2000 (dead giveaway in the machine’s name ‘WIN2KSERVER’). We’ll try the SMTP server now to check for user names.
220 WIN2KSERVER Microsoft ESMTP MAIL Service, Version: 5.0.2195.2966
ready at Fri, 22 Jun 2001 09:08:49 –0400
vrfy smellydell
252 2.1.5 Cannot VRFY user, but will take message for smellydell
vrfy administrator
252 2.1.5 Cannot VRFY user, but will take message for administrator
well, there’s no use in verifying anyone on this server as it seems that the server will give the same message for real and bogus accounts (all NT servers have an ‘administrator’ account, in much the same way that *nix have root accounts). The ‘expn’ command didn’t work at all on this server (replied with ‘unknown command’ at expn postmaster). So at this point I’m S.O.L., but some machines will give a very good list of users and or active accounts using the smtp server.
Ok, so I’m off to brute forcing. The first thing I do is fire up Brutus.
Screenshot of brutus at startup
Next I’ll have to modify my users list (found in users.txt in the Brutus directory) to include users I suspect to be on an NT server. NT always has a ‘Guest’ account and an ‘Administrator’ account. I’ll add a few more guesses. In the end my users list looks like this:
A text file list of users
The next step is to fire Brutus at the target, when configured for an ftp attack, Brutus appears thus:
Configuring brutus
You’ll notice I set the timeout higher than the default. Brutus nicely circumvents connection limits by creating new connections for every request. This is useful because some servers will cut your connection after 3 bad guesses at passwords. Brutus uses the targets ability to take multiple ftp requests and creates a new request for every guess (I have set the program to make 10 requests simultaneously). The timeout is the lag time that the program will allow before it makes a new request. If you don’t set this high enough you are likely to flood the target and either crash its server, or simply hang Brutus. You can use a really high connection and low timeout rate as an effective DoS attack that will knock weak servers completely off the net.
So now I’ll fire Brutus at the target. I’m using the default password list that comes with the program, but there are several larger, and more complete word lists available online. What Brutus will do is try every username listed in the users file with every password in the word list (and can even generate its own random word list to include all combinations of letters, characters, and numbers). Remember that most passwords are 8 characters long, so its usually not worthwhile to try and brute force very short passwords. Here’s what Brutus looks like in action:
Screenshot of brutus attacking a target
Now, the downside to brute forcing is that it is extremely noisy, and even the worst sysadmin should notice it. During my demonstration my server immediately popped an alert that the system log was full. A quick examination of the system log reveals the problem immediately:
Screenshot of an NT event log
All those warnings you see are bad FTP login attempts. A double click on the alert shows:
Screenshot of an event log detail showing the brute force attack
It isn’t hard to figure out exactly what is going on. Even more disturbing is the log file left behind. Here’s a snippit:
13:30:18 216.25.200.135 [5]USER admin 331
13:30:18 216.25.200.135 [6]USER admin 331
13:30:18 216.25.200.135 [7]USER admin 331
13:30:18 216.25.200.135 [8]USER admin 331
13:30:18 216.25.200.135 [9]USER admin 331
13:30:18 216.25.200.135 [10]USER admin 331
13:30:18 216.25.200.135 [11]USER admin 331
13:30:18 216.25.200.135 [12]USER admin 331
13:30:18 216.25.200.135 [13]USER admin 331
13:30:18 216.25.200.135 [4]PASS - 530
13:30:18 216.25.200.135 [14]USER admin 331
13:30:18 216.25.200.135 [5]PASS - 530
13:30:18 216.25.200.135 [6]PASS - 530
13:30:18 216.25.200.135 [7]PASS - 530
13:30:18 216.25.200.135 [8]PASS - 530
13:30:18 216.25.200.135 [9]PASS - 530
13:30:18 216.25.200.135 [10]PASS - 530
13:30:18 216.25.200.135 [11]PASS - 530
13:30:18 216.25.200.135 [15]USER admin 331
13:30:18 216.25.200.135 [16]USER admin 331
Not only do you notice all the tries for the same account, but you can tell it is an automated attempt to brute force because the times of the attempts are so close together (60 or so attempts a second). Even more damning is that my IP address is logged all over the huge log file. Its not hard to spot me or figure out what I’m attempting to do. Be warned if you attempt a brute force that you are probably going to get notice.
Now, I happened to be successful on this attempt and got on username and password. The results are displayed in Brutus under the ‘Positive Authentication Results’ window:
Screenshot showing brutus successfully identifying login information
You can see the username ‘user’ and password ‘charles’ worked on the server. Lets try them out:
C:\>ftp 216.25.200.135
Connected to 216.25.200.135.
220 WIN2KSERVER Microsoft FTP Service (Version 5.0).
User (216.25.200.135none)): user
331 Password required for user.
Password: charles
230-Fuck you!
230 User user logged in.
ftp>
Boom, and its just that easy. Now that I’m in my first step should be to attempt to clean up the traces of my attack (i.e. the log files and system event logs). Accomplishing this task takes more explanation than I have time for here, but hopefully you get the idea.
If nothing else, this short article should show you the value of good passwords. If I hadn’t set up the account ‘user’ with such a crappy password this attack most likely would have been unsuccessful. See my article on passwords for a good run down of how to pick a good password to keep your accounts safe from brute force attempts.
_______________________________________
|
|
| pus acum 15 ani |
|