Posts tagged: BruteForce

Jan 05 2011

Researchers hack GSM mobile calls

Researchers have demonstrated an alarmingly simple technique for eavesdropping on individual GSM mobile calls without the need to use expensive, specialised equipment.

During a session at the Chaos Computer Club Congress (CCC) in Berlin, Karsten Nohl and Sylvain Munaut used cheap Motorola handsets running a replacement firmware based on open source code to intercept data coming from a network base station.

Armed with this, they were able to locate the unique ID for any phone using this base, breaking the encryption keys with a rainbow table lookup.

Although far from trivial as hacks go, the new break does lower the bar considerably compared to previous hacks shown by the same researchers. In 2009, Nohl published a method for cracking open GSM’s A5/1 encryption design using a lookup table in near real time.

Another important detail is that Nohl was able to replace the firmware of the handsets with custom software. According to the BBC report on which most stories are being based, this was only possible because the Motorola handsets in question had been reverse engineered after an unspecified leak.

How easy would it be to exploit the new hack? In short, not particularly easy. Creating a custom lookup table similar to Nohl’s would take months of work and any eavesdropper would still need to break into the handset in question.

The crack does lower the bar from being a hardware problem to one of software expertise, which will cause some alarm in the GSM engineering community.

By John E Dunn,
TechWorld

Nov 18 2009

Cain & Abel v4.9.35 Released

Cain & Abel

Cain & Abel is a password recovery tool for Microsoft operating systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using dictionary, brute-force and cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols.

New Features:

  • Added support for Windows 2008 Terminal Server in APR-RDP sniffer filter.
  • Added Abel64.exe and Abel64.dll to support hashes extraction on x64 operating systems.
  • Added x64 operating systems support in NTLM hashes Dumper, MS-CACHE hashes Dumper, LSA Secrets Dumper, Wireless Password Decoder, Credential Manager Password Decoder, DialUp Password Decoder.
  • Added Windows Live Mail (Windows 7) Password Decoder for POP3, IMAP, NNTP, SMTP and LDAP accounts.
  • Fixed a bug in the RSA SecurID Calculator's XML import function.
  • Fixed a bug in all APR-SSL based sniffer filters to avoid 100% CPU utilization while forwarding data.
  • Executables rebuilt with Visual Studio 2008.
  • Added Windows Firewall status detection on startup.
  • Added UAC compatibility in Windows Vista/Seven.
  • WinPcap library upgraded to version 4.1.1.

Download: ca_setup.exe

Mar 17 2009

dnsmap 0.22 Released – Subdomain Bruteforcing Tool

dnsmap is a subdomain bruteforcer for stealth enumeration.

Originally released in 2006, dnsmap is mainly meant to be used by pentesters during the information gathering/enumeration phase of infrastructure security assessments. During the enumeration stage, the security consultant would typically discover the target company’s IP netblocks, domain names, phone numbers, etc. dnsmap was included in Backtrack 2 and 3, although the version included is the now dated version 0.1.

Subdomain brute-forcing is another technique that should be used in the enumeration stage, as it’s especially useful when other domain enumeration techniques such as zone transfers don’t work.

Original Features of Version 0.1
* obtain all IP addresses (A records) associated to each successfully bruteforced subdomain, rather than just one IP address per subdomain
* abort the bruteforcing process in case the target domain uses wildcards
* ability to run the tool without providing a wordlist, using a built-in list of keywords
* bruteforcing by using a user-supplied wordlist (as opposed to the built-in wordlist)

New Improvements in Version 0.22
* saving the results in human-readable and CSV format for easy processing
* fixed bug that disallowed reading wordlists with DOS CRLF format
* improved built-in subdomains wordlist
* new bash script (dnsmap-bulk.sh) included, which allows running dnsmap against a list of domains from a user-supplied file, i.e. bruteforcing several domains in bulk
* bypassing of signature-based dnsmap detection by generating a proper pseudo-random subdomain when checking for wildcards
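As an added illustration (this is not dnsmap's own code), the Python script below shows the two behaviours the feature lists describe: a wildcard check with a pseudo-random label before any brute-forcing starts (so a zone that answers for every name is reported instead of producing hundreds of false hits), collection of every A record per name rather than just the first, a wordlist reader that tolerates DOS CRLF endings, and CSV output. The zone data, the `example.test` and `wild.test` names and the `fake_resolve` helpers are constructed so the script runs offline; `system_resolve` uses the OS resolver and can be swapped in to inventory a zone you administer.

```python
import csv
import io
import random
import socket
import string
from typing import Callable, Dict, List, Optional

# A resolver is any callable mapping a host name to its list of A records
# (an empty list when the name does not resolve).
Resolver = Callable[[str], List[str]]
_rng = random.SystemRandom()


def system_resolve(name: str) -> List[str]:
    """Resolve with the OS resolver; returns every A record, not only the first."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []


def load_wordlist(text: str) -> List[str]:
    """Parse a wordlist, tolerating DOS CRLF line endings, blank lines and # comments."""
    words = []
    for line in text.splitlines():        # splitlines() handles both \n and \r\n
        word = line.strip().lower()
        if word and not word.startswith("#"):
            words.append(word)
    return words


def random_label(length: int = 12) -> str:
    """A pseudo-random label that no real wordlist would contain."""
    return "".join(_rng.choice(string.ascii_lowercase + string.digits) for _ in range(length))


def wildcard_addresses(domain: str, resolve: Resolver) -> List[str]:
    """A records returned for a random, non-existent label.

    A non-empty result means the zone has a wildcard record, so every
    brute-forced name would appear to exist and the results would be meaningless.
    """
    return resolve(f"{random_label()}.{domain}")


def enumerate_subdomains(domain: str, words: List[str],
                         resolve: Resolver) -> Optional[Dict[str, List[str]]]:
    """Try each word as a label under `domain`; returns None if the zone uses wildcards."""
    if wildcard_addresses(domain, resolve):
        return None
    found: Dict[str, List[str]] = {}
    for word in words:
        name = f"{word}.{domain}"
        addrs = resolve(name)
        if addrs:
            found[name] = sorted(addrs)   # all A records, not just one
    return found


def results_to_csv(results: Dict[str, List[str]]) -> str:
    """One row per (subdomain, address) pair for easy post-processing."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["subdomain", "address"])
    for name in sorted(results):
        for addr in results[name]:
            writer.writerow([name, addr])
    return buf.getvalue()


# --- Constructed, offline sample data (no real DNS traffic) -----------------
FAKE_ZONE = {   # hypothetical zone without a wildcard; only two labels resolve
    "www.example.test": ["192.0.2.10", "192.0.2.11"],   # two A records
    "mail.example.test": ["192.0.2.20"],
}


def fake_resolve(name: str) -> List[str]:
    return list(FAKE_ZONE.get(name, []))


def fake_wildcard_resolve(name: str) -> List[str]:
    # Hypothetical zone where *.wild.test answers for any label.
    return ["198.51.100.1"] if name.endswith(".wild.test") else []


SAMPLE_WORDLIST = "www\r\nmail\r\nvpn\r\n# comment\r\n\r\ndev\r\n"   # DOS line endings on purpose


if __name__ == "__main__":
    words = load_wordlist(SAMPLE_WORDLIST)
    print(results_to_csv(enumerate_subdomains("example.test", words, fake_resolve)))
    print("wild.test:", enumerate_subdomains("wild.test", words, fake_wildcard_resolve))
```

The wildcard check runs once per domain before the loop, which is why a random label matters: a fixed probe name would itself become a signature, and a label taken from the wordlist could collide with a real record.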

Usage

usage: dnsmap [options]
options:
-w
-r

Download :
http://lab.gnucitizen.org/projects/dnsmap

Mar 04 2009

Medusa v1.5 – Brute Forcing Tool

What is Medusa?
Medusa is intended to be a speedy, massively parallel, modular login brute-forcer. The goal is to support as many services that allow remote authentication as possible.
The author considers the following items to be some of the key features of this application:
* Thread-based parallel testing. Brute-force testing can be performed against multiple hosts, users or passwords concurrently.
* Flexible user input. Target information (host/user/password) can be specified in a variety of ways. For example, each item can be either a single entry or a file containing multiple entries. Additionally, a combination file format allows the user to refine their target listing.
* Modular design. Each service module exists as an independent .mod file. This means that no modifications are necessary to the core application in order to extend the supported list of services for brute-forcing.

It currently has modules for the following services:
* AFP
* CVS
* FTP
* HTTP
* IMAP
* MS-SQL
* MySQL
* NCP (NetWare)
* NNTP
* PcAnywhere
* POP3
* PostgreSQL
* rexec
* rlogin
* rsh
* SMB
* SMTP (AUTH/VRFY)
* SNMP
* SSHv2
* SVN
* Telnet
* VmAuthd
* VNC

It also includes a basic web form module and a generic wrapper module for external scripts.
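The flip side of a tool that tests many hosts, users and passwords concurrently is what that activity looks like in the target's logs. The following Python example is added here and is not part of Medusa: it runs simple detection logic over constructed OpenSSH `auth.log` lines, flagging a source that exceeds a failure threshold within a sliding window and, separately, password spraying (one source cycling through many user names), which a per-account lockout threshold does not catch. The log lines, IP addresses (documentation ranges) and thresholds are constructed; the year is assumed because syslog timestamps omit it.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Dict, List, Tuple

# Constructed OpenSSH auth.log excerpt (documentation-range IPs, no real hosts).
SAMPLE_LOG = """\
Mar 17 10:00:00 host1 sshd[2101]: Failed password for root from 203.0.113.5 port 40001 ssh2
Mar 17 10:00:05 host1 sshd[2102]: Failed password for root from 203.0.113.5 port 40002 ssh2
Mar 17 10:00:10 host1 sshd[2103]: Failed password for root from 203.0.113.5 port 40003 ssh2
Mar 17 10:00:15 host1 sshd[2104]: Failed password for root from 203.0.113.5 port 40004 ssh2
Mar 17 10:00:20 host1 sshd[2105]: Failed password for root from 203.0.113.5 port 40005 ssh2
Mar 17 10:00:25 host1 sshd[2106]: Failed password for root from 203.0.113.5 port 40006 ssh2
Mar 17 10:02:00 host1 sshd[2110]: Accepted publickey for alice from 192.0.2.9 port 50000 ssh2
Mar 17 10:05:00 host1 sshd[2120]: Failed password for invalid user admin from 198.51.100.7 port 41000 ssh2
Mar 17 10:05:01 host1 sshd[2121]: Failed password for invalid user backup from 198.51.100.7 port 41001 ssh2
Mar 17 10:05:02 host1 sshd[2122]: Failed password for invalid user test from 198.51.100.7 port 41002 ssh2
Mar 17 10:09:00 host1 sshd[2130]: Failed password for bob from 192.0.2.9 port 50001 ssh2
"""

# Matches OpenSSH failed-password lines in the usual syslog layout.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_failures(lines: List[str], year: int = 2009) -> List[Tuple[datetime, str, str]]:
    """Return (timestamp, source_ip, user) per failed login; the year is assumed (syslog omits it)."""
    events = []
    for line in lines:
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["ip"], m["user"]))
    return events


def detect_bruteforce(events, window_seconds=60, max_failures=5, spray_users=3) -> List[dict]:
    """Sliding-window detection per source IP.

    'bruteforce': at least max_failures failed logins within window_seconds.
    'spray':      failures against at least spray_users distinct accounts within
                  the window, which stays below per-account lockout thresholds.
    Each (type, source) pair is reported once, at the moment it first triggers.
    """
    recent: Dict[str, deque] = defaultdict(deque)   # ip -> (ts, user) pairs within the window
    alerts, seen = [], set()
    for ts, ip, user in sorted(events):
        q = recent[ip]
        q.append((ts, user))
        while (ts - q[0][0]).total_seconds() > window_seconds:
            q.popleft()                              # drop events older than the window
        users = sorted({u for _, u in q})
        for kind, hit in (("bruteforce", len(q) >= max_failures),
                          ("spray", len(users) >= spray_users)):
            if hit and (kind, ip) not in seen:
                seen.add((kind, ip))
                alerts.append({"type": kind, "source": ip, "failures": len(q), "users": users})
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(parse_failures(SAMPLE_LOG.splitlines())):
        print(alert)
```

On the sample the single-account burst from 203.0.113.5 triggers the failure-count rule, while 198.51.100.7 makes only three attempts, one per account, and is caught only by the distinct-user rule; the lone failure from 192.0.2.9 triggers nothing.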

Download :
http://www.foofus.net/jmk/medusa/medusa.html

Dec 03 2008

LCP 5.04

LCP 5

Overview :
The main purpose of LCP is auditing and recovering user account passwords on Windows NT/2000/XP/2003.
General features of this product:

* Account information import:
  o import from local computer;
  o import from remote computer;
  o import from SAM file;
  o import from .LC file;
  o import from .LCS file;
  o import from PwDump file;
  o import from Sniff file;

* Password recovery:
  o dictionary attack;
  o hybrid of dictionary and brute force attacks;
  o brute force attack;

* Brute force session distribution:
  o session distribution;
  o session combining;

* Hash computation:
  o LM and NT hashes computed from a password;
  o LM and NT responses computed from a password and server challenge.
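To make concrete what "NT hash computed from a password" and "dictionary attack" mean, here is an added Python example that is not LCP's code: a pure-Python MD4 (the NT hash is MD4 of the UTF-16LE encoded password; `hashlib` does not expose MD4 on many OpenSSL 3 builds) and a dictionary audit that hashes each wordlist entry once and matches it against a constructed pwdump-style account list. The user names, wordlist and hashes are constructed. LM hashes and the LM/NT challenge responses additionally need DES and are not shown. The audit is cheap precisely because NT hashes are unsalted: one table of hashed words checks every account.

```python
import struct
from typing import Dict, Iterable


def _rotl(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF


def md4(data: bytes) -> bytes:
    """MD4 (RFC 1320) in pure Python."""
    msg = bytearray(data) + b"\x80"             # padding: 0x80, zeros, 64-bit LE bit length
    while len(msg) % 64 != 56:
        msg += b"\x00"
    msg += struct.pack("<Q", len(data) * 8)

    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    rounds = (   # (function, additive constant, shifts, message-word order)
        (F, 0x00000000, (3, 7, 11, 19), list(range(16))),
        (G, 0x5A827999, (3, 5, 9, 13), [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15]),
        (H, 0x6ED9EBA1, (3, 9, 11, 15), [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15]),
    )
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        s = state[:]
        for fn, const, shifts, order in rounds:
            for i in range(16):
                j = (-i) % 4     # which of a,b,c,d is updated this step (a, d, c, b, ...)
                x, y, z, w = s[j], s[(j + 1) % 4], s[(j + 2) % 4], s[(j + 3) % 4]
                s[j] = _rotl((x + fn(y, z, w) + X[order[i]] + const) & 0xFFFFFFFF, shifts[i % 4])
        state = [(a + b) & 0xFFFFFFFF for a, b in zip(state, s)]
    return struct.pack("<4I", *state)


def nt_hash(password: str) -> str:
    """NT hash = MD4(UTF-16LE(password)); no salt, so equal passwords give equal hashes."""
    return md4(password.encode("utf-16-le")).hex()


def audit_nt_hashes(hashes: Dict[str, str], wordlist: Iterable[str]) -> Dict[str, str]:
    """Dictionary audit: accounts whose NT hash matches a wordlist entry, mapped to that entry."""
    table = {nt_hash(w): w for w in wordlist}   # hash each word once, reuse for every account
    return {user: table[h.lower()] for user, h in hashes.items() if h.lower() in table}


# Constructed sample data: a small wordlist and a pwdump-style user -> NT hash dump.
SAMPLE_WORDLIST = ["password", "letmein", "Winter2009"]
SAMPLE_DUMP = {
    "alice": nt_hash("Winter2009"),
    "bob": "8846f7eaee8fb117ad06bdd830b7586c",        # NT hash of "password"
    "carol": nt_hash("correct horse battery staple"),  # not in the wordlist
}


if __name__ == "__main__":
    print("NT hash of 'password':", nt_hash("password"))
    print("weak accounts:", audit_nt_hashes(SAMPLE_DUMP, SAMPLE_WORDLIST))
```

The `md4` function is checked against the RFC 1320 test vectors in use; the NT hash of `password` is the widely published value, so the two together confirm the UTF-16LE encoding step.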

SID&User is a tool for retrieving SIDs and user names on Windows NT/2000/XP/2003.
General features of this product:

* SID lookup for a given account name;
* Account name lookup for a single SID, or account names for a SID range.

Download :
http://www.lcpsoft.com/english/download.htm