Re: French - Dictionnary attack

[Mordread Wallas <mordread.wallas () gmail com>]

Hi,

I'd suggest you to create you hown dictionary, after spending some
time analyzing the focused application (and check what type of
characters are allowed, min and max length, etc).

Don't forget to add common words and names from popular movies and
books (the matrix, lords of the ring, harry potter, etc).

Then you could use your own script (maybe John the ripper can do it, I
don't know) to create a new hybrid dictionary based on yours (adding
letters, numbers, swithing characters, etc)...

As dictionary attack are faster than bruteforce, add in you dics:
- 4 characters numbers from 0000 to 9999 (bidthday dates, pin codes, ...),  
- 10 characters numbers (phone numbers),

And then, use you 6th sense ;-)

@+


2005/8/10, Moussa Diallo <moussa () diallo org>:
> securityfocus () benmansour net a écrit :
>
> > Hi pen-testers,
> >
> > I need to perform some basic password guessing tests on a France based online application.
> >
> > I am contemplating using Brutus (http://www.hoobie.net/brutus/) for the testing.
> >
> > Could you please recommend similar tools that could perform:
> > - brute force attacks
> > - dictionnary attacks
> > on a web based FORM ?
> >
> > Selection criterias might include tolerance to timeout, as well as speed, ability to interrupt/resume a test.
> >
> > I am also looking for French specific dictionnaries that could help for this type of testing.
> >
> > Thanks in advance.
> >
> > Regards,
> >
> > sbm
> >
> > ------------------------------------------------------------------------------
> > FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't
> >
> > Learn the hacker's secrets that compromise wireless LANs. Secure your
> > WLAN by understanding these threats, available hacking tools and proven
> > countermeasures. Defend your WLAN against man-in-the-Middle attacks and
> > session hijacking, denial-of-service, rogue access points, identity
> > thefts and MAC spoofing. Request your complimentary white paper at:
> >
> > http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
> > -------------------------------------------------------------------------------
> I will recommand you to use :
>
> Bruteforce *Hydra* : http://www.thc.org
> Dictionnary ftp://ftp.openwall.com/pub/wordlists/
>
> Best regards,
> Moussa
>
> ------------------------------------------------------------------------------
> FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't
>
> Learn the hacker's secrets that compromise wireless LANs. Secure your
> WLAN by understanding these threats, available hacking tools and proven
> countermeasures. Defend your WLAN against man-in-the-Middle attacks and
> session hijacking, denial-of-service, rogue access points, identity
> thefts and MAC spoofing. Request your complimentary white paper at:
>
> http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
> -------------------------------------------------------------------------------

------------------------------------------------------------------------------
FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't

Learn the hacker's secrets that compromise wireless LANs. Secure your
WLAN by understanding these threats, available hacking tools and proven
countermeasures. Defend your WLAN against man-in-the-Middle attacks and
session hijacking, denial-of-service, rogue access points, identity
thefts and MAC spoofing. Request your complimentary white paper at:

http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
-------------------------------------------------------------------------------