Nmap Announce mailing list archives
Cracking basic auth -- clarification
From: Fyodor <fyodor () dhp com>
Date: Sun, 21 Nov 1999 10:47:15 -0500 (EST)
In my last message I asked about tools for cracking http basic auth and sshd. Several people found the question ambiguous. Thus I will clarify. I am not talking about cracking the server side .htpasswd password file (which is usually just crypt() or MD5). Nor am I talking about cracking a wire-sniffed basic auth password (which is just mimencoded plain text). What I am referring to is brute forcing a live server with a dictionary attack.

There are a lot of special purpose programs out there which will brute force authentication to a POP3 server, IMAP server, CVS server, NNTP server, FTP, Telnet, NetBIOS/TCP, SSH, etc. Unfortunately many of these tools are often slow, unreliable, and lacking in common functionality. The only mature applications near this application space seem to be the cryptographic hash crackers that work locally (Solar Designer's John the Ripper, Alec Muffett's Crack, etc). It seems like the time has come to combine these into a generic brute force parallel cracking engine which utilizes relatively simple modules to handle each of the network authentication protocols. Perhaps one could start with a local cracker like John and extend it to support networks. This would allow leveraging of all the useful password list generation code and bring the convenience of having highly optimised local password cracking within the same program/interface.

My question is whether anyone has worked on this yet for UNIX, or whether I should start from scratch. Even the Windows guys are starting to develop these tools -- see Brutus ( http://www.hoobie.net/brutus/ ). Sure, it is a slow, bloated, binary-only Visual Basic Windows app. But it is a start.

Am I the only one who is sick of having 10 different netauth crackers with widely varying interfaces, capabilities, bugs, etc? It reminds me of the time when I used to have a directory full of half-scan, pscan, bounce-scan, strobe, reflscan, udp-scan, etc.
Cheers,
Fyodor

--
Fyodor 'finger pgp () pgp insecure org | pgp -fka'
Frustrated by firewalls? Try nmap: http://www.insecure.org/nmap/
"Girls are different from hacking. You can't just brute force them if all else fails." --SKiMo, quoted in _Underground_ (good book)
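The message describes live-server dictionary attacks against HTTP basic auth as a real and poorly tooled threat; the server-side counterpart is noticing one in progress. As an added example that is not part of the original message and not code from any tool it names, the following Python script parses constructed Apache combined-format log lines (a failed basic-auth attempt is logged as a 401), flags clients that produce a burst of 401 responses inside a sliding time window, and records whether a successful response followed the burst, which is the signal that a guess may have landed. The log lines, addresses and thresholds are constructed for illustration.

```python
"""Flag HTTP basic-auth brute-force bursts in Apache combined-format logs.

Added example for this archive page; assumes the NCSA/Apache combined log
format and that each failed basic-auth attempt is answered with a 401.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real traffic).  192.0.2.10 fails six
# times in a few seconds and then succeeds as "admin"; 203.0.113.5 fails
# twice over half a minute and then succeeds (a typical typo); 198.51.100.7
# logs in cleanly on the first try.
SAMPLE_LOG = """\
192.0.2.10 - - [21/Nov/1999:10:40:01 -0500] "GET /admin/ HTTP/1.0" 401 381 "-" "Mozilla/4.0"
192.0.2.10 - - [21/Nov/1999:10:40:02 -0500] "GET /admin/ HTTP/1.0" 401 381 "-" "Mozilla/4.0"
192.0.2.10 - - [21/Nov/1999:10:40:02 -0500] "GET /admin/ HTTP/1.0" 401 381 "-" "Mozilla/4.0"
192.0.2.10 - - [21/Nov/1999:10:40:03 -0500] "GET /admin/ HTTP/1.0" 401 381 "-" "Mozilla/4.0"
192.0.2.10 - - [21/Nov/1999:10:40:04 -0500] "GET /admin/ HTTP/1.0" 401 381 "-" "Mozilla/4.0"
192.0.2.10 - - [21/Nov/1999:10:40:05 -0500] "GET /admin/ HTTP/1.0" 401 381 "-" "Mozilla/4.0"
192.0.2.10 - admin [21/Nov/1999:10:40:06 -0500] "GET /admin/ HTTP/1.0" 200 1204 "-" "Mozilla/4.0"
203.0.113.5 - - [21/Nov/1999:10:41:10 -0500] "GET /admin/ HTTP/1.0" 401 381 "-" "Mozilla/4.0"
203.0.113.5 - - [21/Nov/1999:10:41:40 -0500] "GET /admin/ HTTP/1.0" 401 381 "-" "Mozilla/4.0"
203.0.113.5 - bob [21/Nov/1999:10:42:05 -0500] "GET /admin/ HTTP/1.0" 200 1204 "-" "Mozilla/4.0"
198.51.100.7 - alice [21/Nov/1999:10:43:00 -0500] "GET /admin/ HTTP/1.0" 200 1204 "-" "Mozilla/4.0"
"""

# Combined log format: client, ident, authenticated user, [timestamp], "request", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3})(?:\s|$)'
)


def parse_line(line):
    """Return (ip, timestamp, status, user) for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, int(m.group("status")), m.group("user")


def max_in_window(times, window):
    """Largest number of timestamps that fit inside any span of length `window`."""
    times = sorted(times)
    best, start = 0, 0
    for end, t in enumerate(times):
        # Advance the window start until the oldest event is within `window` of `t`.
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: {...}} for clients with >= threshold 401s inside `window`.

    Each alert records the densest burst size and, if the same client later
    received a 2xx, the username that succeeded (a possible correct guess).
    """
    failures = defaultdict(list)   # ip -> timestamps of 401 responses
    success_after = {}             # ip -> user that succeeded after earlier failures
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, status, user = rec
        if status == 401:
            failures[ip].append(ts)
        elif 200 <= status < 300 and failures[ip]:
            success_after[ip] = user
    alerts = {}
    for ip, times in failures.items():
        burst = max_in_window(times, window)
        if burst >= threshold:
            alerts[ip] = {
                "failures_in_window": burst,
                "success_after": success_after.get(ip),
            }
    return alerts


if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

With the defaults only 192.0.2.10 is reported (six 401s inside one minute, followed by a 200 as "admin"); the two-failure client is below the threshold. The window-based count rather than a plain total is deliberate: a dictionary attack spread over hours still shows up when the window is widened, while a user mistyping twice does not. Feeding the same logic real logs means reading from a file instead of SAMPLE_LOG and tuning `threshold` and `window` to the server's normal failure rate.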