Full Disclosure mailing list archives
Re: NiX - Linux Brute Forcer (the beast) has been released!]]
From: nix () myproxylists com
Date: Fri, 12 Nov 2010 21:47:32 +0200
---------------------------- Original Message ---------------------------- Subject: Re: [Full-disclosure] NiX - Linux Brute Forcer (the beast) has been released!] From: "Ryan Sears" <rdsears () mtu edu> Date: Fri, November 12, 2010 6:59 pm To: nix () myproxylists com Cc: full-disclosure () lists grok org uk -------------------------------------------------------------------------- Well that's not really a useful response. He asked a simple question (the first one that popped into my head as well). Basically it comes down to this: THC's Hydra already does all that stuff, and they've been doing it for years and years. How does your tool fit in with it? It sounds like you basically coded the exact same thing, and while frustrating - happens. Medusa: Medusa is a speedy, massively parallel, modular, login brute-forcer for network services created by the geeks at Foofus.net. It currently has modules for the following services: CVS, FTP, HTTP, IMAP, MS-SQL, MySQL, NCP (NetWare), PcAnywhere, POP3, PostgreSQL, rexec, rlogin, rsh, SMB, SMTP (VRFY), SNMP, SSHv2, SVN, Telnet, VmAuthd, VNC, and a generic wrapper module. THC-Hydra: Currently this tool supports: TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, SMB, SMBNT, MS-SQL, MYSQL, REXEC, RSH, RLOGIN, CVS, SNMP, SMTP-AUTH, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS, ICQ, SAP/R3, LDAP2, LDAP3, Postgres, Teamspeak, Cisco auth, Cisco enable, AFP, LDAP2, Cisco AAA (incorporated in telnet module). Comparison between the two (keep in mind hydra is currently at 5.8 and medusa is at v2): http://www.foofus.net/~jmk/medusa/medusa-compare.html These can crack any authentication protocol that I can really think of, and they're stable. People are probably not going to stop using what they know how to use, especially if it works and fills up the space the tool is required for nicely (as both of these currently do).
How does your tool provide any advantage over this? Not to mention that password brute-forcing is rarely needed for anything even remotely constructive, if you want to make sure people's passwords are secure - enforce better password policies, because even aaaaaaa9! is still better than aaaa (or god, sex, love, and secret :-P). People are getting
smarter >with their passwords (for the most part) which is largely rendering >password cracking pretty useless IMHO. There are normally much better and >more efficient ways of gaining access to a machine than brute force >anyway, it's noisy and probably going to be noticed. Even breaking basic >passwords over the internet takes forever, because a lot smarter people >then myself have coded the crypto in most cases to be quite strong.
Ryan
Again, please read the features listed at my site. It offers the features no other tool provides. Where is for example FORM auto-detection for those other tools? Where is SOCKS4 proxy support? Where is proxy randomization? Where is logic to drop dead proxies? Where is logic for fake-detection? If offers more than reasonable features over any other tool. I do not force none to use my tool if you have fallen in love with those other tools and you are simply too blind to see advantages using NiX. I can obviously see none actually does bother reading anything properly and keep asking me the same questions. ----- Original Message ----- From: nix () myproxylists com To: full-disclosure () lists grok org uk Sent: Friday, November 12, 2010 12:23:18 AM GMT -05:00 US/Canada Eastern Subject: Re: [Full-disclosure] NiX - Linux Brute Forcer (the beast) has been released!] ---------------------------- Original Message ---------------------------- Subject: Re: [Full-disclosure] NiX - Linux Brute Forcer (the beast) has been released! From: "Abuse 007" <abuse007 () gmail com> Date: Fri, November 12, 2010 3:22 am To: nix () myproxylists com --------------------------------------------------------------------------
Why would we use this tool over say Hydra or Medusa?
I have just compiled Hydra first time (don´t know about Medusa, please link me). Obviously you did not read nor understood features it offers over any other similar tool. Please read again features listed at my site and you get the answer to your question. On Fri, Nov 12, 2010 at 11:16 AM, <nix () myproxylists com> wrote:
NiX Brute Forcer is a parallel login brute-forcer. This tool is intended to demonstrate the importance of choosing strong passwords. The goal of NiX is to support a variety of services that allow remote authentication such as: HTTP(S) BASIC/FORM, MySQL, SSH, FTP. It is based on NiX Proxy Checker. If anyone is interested in beta testing new releases before the public release, please sent me an email. Current features: - Basic Authorization & FORM support - HTTP/SOCKS 4 and 5 proxy support - FORM auto-detection & Manual FORM input configuration. - It is multi-threaded - Auto-removal of dead or unreliable proxy and when site protection mechanism blocks the proxy - Integrated proxy randomization to defeat certain protection mechanisms - With Success and Failure Keys results are 99% accurate - Wordlist shuffling via macros - Advanced coding and timeout settings makes it outperform any other brute forcer TODO: MySQL, SSH, FTP and IMAP support. You suggest more? Download and installation: http://myproxylists.com/nix-brute-force _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: NiX - Linux Brute Forcer (the beast) has been released!]] nix (Nov 12)
- Re: NiX - Linux Brute Forcer (the beast) has been released!]] phocean (Nov 13)
- Re: NiX - Linux Brute Forcer (the beast) has been released!]] nix (Nov 13)
- Re: NiX - Linux Brute Forcer (the beast) has been released!]] nix (Nov 13)
- Re: NiX - Linux Brute Forcer (the beast) has been released!]] rdsears (Nov 13)
- Re: NiX - Linux Brute Forcer (the beast) has been released!]] nix (Nov 13)
- Re: NiX - Linux Brute Forcer (the beast) has been released!]] Robert Kim App and Facebook Marketing (Nov 13)
- Re: NiX - Linux Brute Forcer (the beast) has been released!]] nix (Nov 14)
- Re: NiX - Linux Brute Forcer (the beast) has been released!]] phocean (Nov 13)