Brutus

Brutus is a multifeature Web password cracker. The program is written for Windows only but allows for a number of different types of authentication brute forcing, including:

         HTTP (Basic Authentication)

         HTTP (HTML Form/CGI)

         POP3 (Post Office Protocol v3)

         FTP (File Transfer Protocol)

         SMB (Server Message Block)

         Telnet

Although HTTP Basic is the most ubiquitous authentication method on the Internet today, HTTP Form is close behind. To use Brutus to brute force a standard HTTP Basic page, we need only enter the target in the Target field, select HTTP (Basic Authentication) in the Type field, and then select the Authentication Options (by default it will use the most common usernames and passwords). Figure 15-5 shows how Brutus can be set up to brute force known usernames and passwords.

Figure 15-5. Brutus brute forcing an HTTP Basic connection


The Positive Authentication Results window shows that the administrator username and test username have been confirmed to have a blank password and the word "test," respectively.

However, if we have exhausted our list of usernames and passwords, we can allow Brutus to identify the password with its brute-force options. As shown in Figure 15-6, with these options we can select the size and composition of the password in an attempt to include the full ASCII keyspace or a customized range.

Figure 15-6. Brutus's brute-force password options


Then when Brutus runs, which could take some time, it will attempt all the permutations of the set created. Figure 15-7 reveals that, with a length of 0 to 6 and lowercase alpha as the composition, the complete brute force will take about a month on a P4-1.2 GHz machine. Not quite the speed we were looking for, but the feature is robust.

Figure 15-7. Brutus, using the true brute-force feature


But the real advantage of using Brutus for Web password cracking is in HTTP (Form) attempts. Brutus offers a number of features that accommodate whatever form we have, including support for cookies and user-defined responses. Figure 15-8 shows Brutus's simple interface for setting up an HTTP (Form) brute-force attempt.

Figure 15-8. Brutus and HTTP (form) settings


Now, using the "Learn From Settings" button, we let Brutus try to read the form we want to brute force and understand what it requires for authentication. Figure 15-9 shows the returned options and fields specific for the targeted form.

Figure 15-9. Brutus Form Viewer


The two fields in the form are "user" and "password." The back-end server program that processes the user and password to validate them is /cgi-bin/login.cgi. We accept these parameters and have Brutus attempt passwords against the system, as shown in Figure 15-10.

Figure 15-10. Brutus and HTTP (form) results


Brutus's flexibility is robust and its feature set unrivaled. It will perform every major authentication attempt except NTLM. The only program we know that offers NTLM brute forcing is FoundScan by Foundstone (http://www.foundstone.com).
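Seen from the server side, both the HTTP Basic run and the HTTP (Form) run against /cgi-bin/login.cgi leave a burst of authentication requests from one client in the access log. The following is an added example, not from the book or from Brutus, that flags such bursts; the log lines, addresses, threshold and window are constructed assumptions, and the log is assumed to be in Common Log Format and in time order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOGIN_PATH = "/cgi-bin/login.cgi"  # form handler named in the text
POST_LINE = '"POST /cgi-bin/login.cgi HTTP/1.0" 200 512'

# Constructed sample log; client addresses are documentation ranges.
SAMPLE_LOG = "\n".join(
    [f'192.0.2.10 - - [12/Mar/2005:10:00:{s:02d} +0000] {POST_LINE}' for s in range(8)]
    + [f'203.0.113.5 - admin [12/Mar/2005:10:01:{s:02d} +0000] "GET /private/ HTTP/1.0" 401 401'
       for s in range(0, 12, 2)]
    + [f'198.51.100.7 - - [12/Mar/2005:10:02:00 +0000] {POST_LINE}',
       '198.51.100.7 - - [12/Mar/2005:10:09:00 +0000] "GET /index.html HTTP/1.0" 200 2048'])

LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

def is_auth_attempt(method, path, status):
    # A form login usually answers 200 whether or not the password was right
    # (the reason a form cracker needs user-defined responses), so every POST
    # to the handler counts. A failed HTTP Basic attempt is logged as a 401.
    is_form_post = method == "POST" and path.split("?")[0] == LOGIN_PATH
    return is_form_post or status == "401"

def find_guessing(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {client: peak attempts inside one window} for clients >= threshold."""
    recent = defaultdict(deque)   # client -> timestamps still inside the window
    flagged = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue              # skip lines that are not in the expected format
        client, stamp, method, path, status = m.groups()
        if not is_auth_attempt(method, path, status):
            continue
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[client]
        q.append(when)
        while when - q[0] > window:   # drop attempts older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[client] = max(flagged.get(client, 0), len(q))
    return flagged

if __name__ == "__main__":
    for client, peak in find_guessing(SAMPLE_LOG).items():
        print(f"{client}: {peak} authentication attempts within 60 seconds")
```

A single POST to the login handler, like the one from 198.51.100.7, stays below the threshold and is not reported.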

 



Web Hacking: Attacks and Defense
ISBN: 0201761769
EAN: 2147483647
Year: 2005
Pages: 156
