Security :: THC Hydra And HTTP Brute-force Cracking?
Mar 29, 2011
I set up an ASUS WL-500gP with original ASUS firmware to my LAN with IP address 192.168.1.1. If I navigate to address [URL] in my Firefox address bar, an Authentication required window opens up asking for "User name: " and "Password: ". Correct "User name: " is "admin" and correct "Password: " is "pA55w0Rd". They work fine if I type them in manually to the Authentication required window, but for some reason I can't get in using the hydra with words.txt password file, which contains "pA55w0Rd":
Code:
[root@ ~]# cat words.txt
password
user
pA55w0Rd
[code]....
View 2 Replies
ADVERTISEMENT
Nov 8, 2010
im looking for a good brute force program that has i gui. i used to use brutus on windows but now im only running ubuntu so i need to find one.
View 3 Replies
View Related
Feb 19, 2010
In my Open-Suse server I have a script, where makepasswd output(by default it generates similar passwords: cGyTbqpr, tpJ1LA, 33EXdo) is redirected to mkpasswd(which uses DES by default) in order to generate salted hash of this previously generated password. I would like to test the strength of this system. I have a quad core CPU, and if I start John The Ripper like this(I want to use -incremental:all flag):
john -incremental:all passwd
..only one core is utilized at 100%. Is there a possibility to make all four cores to crack this password? Or is this possible only after reprogramming John The Ripper? Or what is the algorithm for generating passwords with with -incremental:all flag? I mean if John generates passwords randomly in brute-force mode, then it's smart to start four different John processes simultaneously because then one of those four will find the password firs
View 2 Replies
View Related
May 6, 2011
I am ashamed that I am causing other people troubles, but apparantly my server is involved in attacking the servers of other people.
I have to admit that I am not too familiar with using a CLI, or Linux for that matter, but I have a Debian server running under Plesk 10, which is colocated.
Now I have received messages from the datacenterm which state that my server is involved in brute force attacks.
The messages show a lot of lines like this:
Code:
The only I get from my hoster is to back up all domains and re-install the machine.
I want to resolve this asap, but do not agree with that action for two reasons: the machine just had a fresh re-install 2 months ago, so if it is a flaw in the OS, I will get the same flaw back, and if it is not OS related but due to a domain, I will get the problem back by putting back the backed-up domains.
But now I'm stuck: what steps should I follow to try and find the cause of this evil and make sure that my machine will not bother other machines anymore?
I realize that this probably will be a steep learning-curve, but please bare with me and help me to resolve this.
What have I done so far?
1) There are a number of live sites on this server, either running WordPress or Joomla, I have made sure they are all updated to the latest release.
2) I have manually looked at the source code of the index-files of those sites, haven't seen anything strange, like redirects.
3) I have used online scanners to check all sites for malware, all have been reported back to be clean.
4) I have run the Plesk-version of RKhunter, and that gives me certain warnings which I cannot (or do not) understand:
Code:
Code:
Code:
I received the first report of these attempts about a week ago and immediately changed the Plesk/SSH password to a 200bit password generated with KeePass, hoping that would keep out any evildoers.
View 14 Replies
View Related
Mar 31, 2011
I have a mail server running RHEL, with postfix, dovecot, etc. I installed Fail2ban and this works wonders against SSH brute force attacks. It'll ban an IP address for a period of time if it unsuccessfully attempts to log on 3 times within, say a minute. I was wondering if it can be as effective with pop3 attacks. If it is, how can I get it done?
View 1 Replies
View Related
Sep 30, 2010
I have a SSH server set up at home listening on port 22. I have hardened the server so it is pretty secure but I want to make it even safer by editing my iptables to rate-limit incoming connections and DROP false login attempts. I have tried these tutorials but I just cant get it to work:[URL]I want the debian-administration.org tutorial to work but when I try to add the first rule in terminal:sudo iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --setI get the following:Bad argument --set'I am new to iptables and I'm not sure if I'm doing something wrong when I try to set it up. I'm using Ubuntu 10.04.1 LTS with iptables v1.4.4.
View 6 Replies
View Related
Nov 28, 2010
Had to happen I guess - cheap cracking on the cloud; see here
View 14 Replies
View Related
Mar 25, 2010
I want to see how secure my company is. I am not too concerned about over the wire, more about someone hacking our wireless.
View 6 Replies
View Related
Mar 28, 2011
I'm in the process of building a Linux server using spare desktop (HP dc 7700p PC with USB wireless adapter) and of course it will be used as the wireless security training exercise so I just wondering if Ubuntu or RHEL is suitable for me to learn ?BackTrack Linux is too hard to use and doesn't automatically detect the USB wireless network card usually.
View 1 Replies
View Related
Jul 25, 2010
I think ubuntu/canonical should start releasing a new flavour geared towards meeting needs of computer security professionals just like backtrack distro
View 9 Replies
View Related
Oct 18, 2009
I am using openDNS on my current Linux box and I was wondering if their is a way to force the DNS settings to stay the same even if ROOT tries to change it (since my dad wants content filtering password protected and I still want my computers root access...)
View 2 Replies
View Related
Sep 19, 2010
I have a http proxy account. It works well under windows through wodTunnel(an active X control component). But, I usually works under linux. I want to use it here. But I don't know how. I tried gstm, it can connect to the server successfully, but it seems can't respond to my http request. What should I do next?
View 3 Replies
View Related
Feb 3, 2011
When I turn on my SeLinux to enforcing mode on my Red Hat system ssh stops working and my http server stops responding.
I went into the SeLinux GUI and enabled things in there but still it wont work.
Any thoughts on what to check?
permissive mode and disabled they work
I read several articles that say it should not be affect by SeLinux and the setting look correct but the only thing I do is turn on SeLinux and ssh /httpd stop working
ps -eZ | grep sshd
system_u:system_r:unconfined_t:SystemLow-SystemHigh 432 ? 00:00:00 sshd
system_u:system_r:unconfined_t:SystemLow-SystemHigh 2426 ? 00:00:00 sshd
[root@goxsa1340 ~]# ps -eZ | grep httpd
user_u:system_r:httpd_t 3044 ? 00:00:00 httpd
[Code].....
View 11 Replies
View Related
Jun 14, 2010
Is there any setting to connect ssh server using default profile.
for example if I run
ssh user@ssh_server_ip '/bin/bash --norc --noprofile'
it will skip user's login profile(/etc/profile,/etc/bashrc,~/.bashrc,~/.bash_profile)
Can i do some settings in ssh server that deny profile skipping by client.
View 1 Replies
View Related
Aug 10, 2010
Squid acl rules can be configured to allow specific ip's to get full access, or rather skips the blocked site list.
acl <tag> src x.x.x.x
http_access allow <tag>
http_access deny blocksites
From all the ways i tried, squid does not log these urls. Is there a way to have squid log the urls requested from allowed ip's?
Specs:
squid ver : (squid/2.6.STABLE21)
OS : CentOS 5.5
View 1 Replies
View Related
Apr 5, 2010
I would like to restrict a few selected accounts to minimum of 15 characters passwords. Other accounts,however, should still be able to login with 8 character passwords. This is in RHEL 5. Does anyone know how to go about it? I have checked PAM documentation and pam_cracklib.so has an option minlen. As per its documentation, minlen can force users to use 15 characters, but it forces every account on the system. I might be wrong too.
View 5 Replies
View Related
Nov 8, 2010
ettercap can see http request but not response
I'm trying to see regular http responses from my wireless ipad (victim) from my wired pc (attacker). Everything's working great but I can only see the http requests not the responses.
I've done much reading and googling and tried registering in more relevant forums but some forums were shutdown, so I've come here.
Code:
# setup ip forwarding
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
# use ettercap to do the mitm using only mitm
sudo ettercap --iface eth0 --text --plugin autoadd --only-mitm --mitm arp:remote /192.168.0.1/ /192.168.0.155/
[Code]....
View 2 Replies
View Related
Sep 17, 2010
I am working on a project to create a video conferencing environment. For this I use a default installation of BigBlueButton on ubuntu 10.04. One of the main problems here is that it's not safe enough to share classified documents trough this software. It's a simple webserver that uses nginx. What I want to do is make this connection secure.
One of the problems is that I don't only have a connection trough port 80 but it uses the following ports:
Port 80 (HTTP), 1935 (RTMP), 9123 (Desktop sharing).
I would like to use a proxy instead of some tunneling or vpn to do this. Would anyone happen to know anything about squid or another equivalent to do this?
View 3 Replies
View Related
Aug 30, 2010
My company web access is behind proxy(http://abc.proxy). Network admin can get to check who is top10 user and web they access. I owned a centos server. I have a thought that create an encrypted tunnel within proxy so the admin cant detect my http address. This is how it going to works
client with OpenVPN -> OpenVPN server(centos with company proxy)-> proxy -> internet
My connectivity in my client are using OpenVPN server as bridge. Hence, no record for client is recorded in my Network admin monitoring list. OpenVPN server's activity can be traced by network monitoring tools, just assume that our ultimate goal is to hide client activity.
View 2 Replies
View Related
Mar 28, 2010
I'm having trouble with the installation process of THC HYDRA, it's my first time using it, someone was telling me about THC HYDRA GTK? I managed to get THC HYDRA running in CMD, but I want to use THC HYDRA GTK and I don't get how to get it working. I checked the main site of THC HYDRA, and it has screenshots of GTK but I don't know how to get it like that. For me I am only working in CMD...
View 3 Replies
View Related
Feb 19, 2011
I want to install Hydra GUI. Does anybody knows how to install it via yum, and how to bruteforce ip for FTP/specific open service/port.
View 13 Replies
View Related
Dec 13, 2009
I've got two routers, 10.0.0.0/23 and 192.168.2.0/24, which are joined by a Linux box with interfaces eth0 (10.0.0.2) and ra0 (192.168.2.2). I've got masquerading for ra0, and a route to 192.168.2.0/24 on 10.0.0.0's router. I CAN ping hosts on 192.168.2.0 from 10.0.0.0 just fine, but I CANNOT access web pages.Strangely, If I enable masquerading on eth0, and add a route to 192.168.2.0s router to 10.0.0.0, I can ping AND access web pages from 192.168.2.0Here is my current iptables
Code:
*filter
:INPUT ACCEPT [0:0]
[code]...
View 14 Replies
View Related
Apr 5, 2011
Can I, with only the use of IPTABLES, limit the incoming bandwith for a protocol? We have for example servers that have a FTP and HTTP server running and whenever HTTP has a lot of connections open, the other uploads/downloads get a timeout. I know I can limit the number of connections but prefer to limit on protocol level. Is this possible using IPTABLES and if so, can someone indicate how to proceed or provide a link? If it's not possible can someone point me to the right tool for the job?
View 6 Replies
View Related
Oct 4, 2010
I downloaded the tar ball from the site.compiled it all fine. But when I try to run the line
Code:
./hydra -C Combo001.txt 10.0.6.100 ssh2
I end with
Code:
Error: Compiled without LIBSSH support, module not available../configure gives the following, and I see nothing wrong since it says ssh is found.
Code:
medusa@Cerberus:~/Desktop/hydra-5.7-src$ sudo ./configure
Starting hydra auto configuration ...
Checking for openssl (libssl/ssl.h) ...
[code]....
View 6 Replies
View Related
Oct 16, 2010
i want to install hydra-5.4 from source . but at first in ./configure i have this problem :
Code:
Checking for SAP/R3 (librfc/saprfc.h) ...
.. NOT found, module sapr3 disabled i didn't want that in any place such as it's site.how can i fix this problem?
View 1 Replies
View Related
Mar 15, 2011
I am trying to compile thc hydra on my netbook. I am running ubuntu 10.10.The configure goes fine, but when I try to make I keep getting this error, and I don't know which library it needs. Anyone help?
Quote:
/usr/bin/ld: cannot find -lpq
collect2: ld returned 1 exit status
make: *** [hydra] Error 1
View 4 Replies
View Related
Feb 24, 2011
However, configured a website on a dedicated server using WHM/cPanel. The site was uploaded using the master account for the website.
The security issue is public users are able to upload files on to my server via the website. They could even access the root and execute whatever they want on the server.
I have consulted with 2-3 Linux experts. According to them, the PHP user has rights to execute anything on the server or upload & store files in whichever folder they want.
Can I protect my folders to avoid file uploads via the website. The application has security vulnerabilites. However, I want to prevent hackers to enter my site until the vulnerabilities are fixed.
View 2 Replies
View Related
Mar 16, 2011
I have now been trying to find an answer for the following for a while and can't seem to get anything.On previous linux distros we had the option available "passwd -e" which allowed us to force the user to change their passwords upon the next login.s functionality however seems to be excluded from latest linux distros (currently using RHEL 5.4)...Does anybody know how the same effect can be achieved and perhaps any idea on why this option was removed as it was great for securing passwords
View 5 Replies
View Related
Feb 1, 2011
I'm simply trying to make a little restriction on www packets under two rules:
1. Allow inbound/outbound www packets (works!)
2. DROP inbound traffic to port 80 from source ports less than 1024. (DOES NOT WORK!)
Now, technically, when i use hping to test my rules, hping3 192.168.100.100 -S -p80 -s 1023 I should NOT receive any packets. However, i still receive packets, which means my rule that says less than 1024 does not work. (see below)
And this is my iptables rules in shell-script so far:
#!/bin/sh
DEFAULT_NIC=eth0
SERVER_IP="192.168.100.100"
ALLOWED_WWW_PORT=80
IPT="/sbin/iptables"
[Code].....
View 1 Replies
View Related
Apr 2, 2011
I was wondering how to crack WEP WiFis.I have a WEP connection and was wondering how easy it would be for others to use my internet. I have Ubuntu 10.04 Lucid Lynx. If anybody could me a link to a tutorial, it would be great. I googled it up and currently have aircrack-ng installed and am installing SWScanner.What other tools/dependencies do I need?
View 6 Replies
View Related
