Author Topic: looking for a bruteforcer  (Read 4464 times)

virenderm01
looking for a bruteforcer
« on: April 04, 2011, 05:21:51 pm »
Hi evilzone,
Well, I was just trying to sneak through our local server login page but was not able to do it through SQL injection. I thought it would be easy because it's PHP based and a Debian server, but I was not able to.
So now I thought it would be better to just try and bruteforce it, but I don't know a proper tool that is capable of this kind of stuff. Can anyone help me with this? ::) ::)

ande
Re: looking for a bruteforcer
« Reply #1 on: April 04, 2011, 06:16:27 pm »
The fact that a server is Debian based does not make it more or less vulnerable to SQL injection, nor does PHP. PHP only allows the script to run SQL stuff.

Now, when it comes to your request I'd say: using premade "hacking tools" is stupid for several reasons. It's a risk for yourself because most of those tools are infected with malware. And it proves the point that you are a script user who has no idea how to create them yourself. Learn 2 code :)

May seem harsh, but seriously though.
if($statement) { unless(!$statement) { // Very sure } }
https://evilzone.org/?hack=true

Kulverstukas
Re: looking for a bruteforcer
« Reply #2 on: April 04, 2011, 06:26:32 pm »
THC-Hydra. I think there is a port for Windows too, but I'd recommend Medusa for Linux.

http://www.thc.org/thc-hydra/

http://www.foofus.net/~jmk/medusa/medusa.html

virenderm01
Re: looking for a bruteforcer
« Reply #3 on: April 04, 2011, 06:39:51 pm »
No, it's not like that, ande. I mean, yeah, I am a beginner in this field, but I do know coding and my current project is a sniffer, so I'm just going through the whole pcap library.
I have a little idea how to create a bruteforcer; I mean, all I have to do is put all the keys in a string array and try various combinations depending on password length. Now can you help me with how to move forward in this field of security testing? Because I really want to make this field a profession.

Mach0
Re: looking for a bruteforcer
« Reply #4 on: April 04, 2011, 08:26:10 pm »
I was going to suggest Brutus-AE2 if you are stuck with using a Windows Box. But then I noticed with some small degree of sadness that it's no longer available as the site that hosted it Hoobie(dot)net is gone. *sniff* it will be nostalgically missed.

THC-Hydra has been much revamped of late and version 6.1 is available and it compiles cleanly under *nix, but sadly also no longer available for Windows as indicated by the change log and the words "Not Anymore!"  ???

The only other parallel network login brute-forcer on Windows that I could find is:

Bruter 1.1
Bruter is a parallel network login brute-forcer on Win32. This tool is intended to demonstrate the importance of choosing strong passwords. The goal of Bruter is to support a variety of services that allow remote authentication.
Available at: http://sourceforge.net/projects/worawita/

I_Learning_I
Re: looking for a bruteforcer
« Reply #5 on: April 07, 2011, 12:30:37 am »
There are lots and lots of ways to access a website other than SQLi. I don't know how much access you have, but wouldn't it be easier for you to try Persistent XSS, Shell Upload, Path Traversal and so on?
I'm not exactly sure if your goal is to hack it to breach security or if it is just for fun. If it's for fun, bruteforce might be a good idea, and all you need is to know the size and charset (you can easily find that...)
If your goal is to find a vulnerability in the configuration you might try other injection methods. Also, if you're working on a sniffer, why don't you simply ask someone to access it remotely and sniff the traffic?
I'm sorry if I'm missing the point here.

About bruteforce:
http://evilzone.org/hacking-and-security/url-bruteforce-i-guess/
Thanks for reading,
I_Learning_I

virenderm01
Re: looking for a bruteforcer
« Reply #6 on: April 07, 2011, 06:53:20 pm »

Dude, my main motive is vulnerability testing. Actually I sniffed it last time and told them that this is the vulnerability, but now actually they used MD5 hashes and new routers and access points.
These don't even allow ping requests, so I'm not thinking of ARP poisoning or sniffing.
But yeah, the wireless is still vulnerable to sniffing, but the admin is on LAN with a Cisco firewall, and now comes the challenge to crack the pass or find a vulnerability. Though I'm now going through the details of Nmap, hope that'll help, but if you have any better suggestions then please guide me.
Yeah, I haven't tried XSS tunnelling and shell upload, but path traversal didn't work.
I'll try that too.
Thanks for the reply.

virenderm01
Re: looking for a bruteforcer
« Reply #7 on: April 09, 2011, 08:33:12 pm »
Thanks Mach0, but I'm well aware of Linux.
I mean, I'm using the pcap library for the sniffer, which will work on Linux only, though I'll look for WinPcap if I would like to run my s/w on Windows also.
Thanks for the suggestions :) :D

I_Learning_I
Re: looking for a bruteforcer
« Reply #8 on: April 09, 2011, 10:30:48 pm »
I'm sorry for the late answer, but I completely forgot to answer.
Anyhow, Nmap might be useful to make some DOX on the target; however, keep in mind that if the system is updated then you probably won't find any 0Day for it, which means you'll have a lot of useless information.
Your best choice would be to run several WebApp Scanners (presuming there's a website).
Try out Nikto, W3af and Acunetix; if nothing is spotted, then it's most likely secured.

Other than that, all you can do is retrieve the Hardware Version and respective Firmware and see if there are any 0Days for it, Overflows for the router, bypass auth, etc...
You can also try some DNS Poison, and from there you can lure admins to log in to the wrong page.
You can also try other methods of luring to show the weakness of the system.
Also, if the connection involves MD5 encryption, you can tamper the MD5 Hash and try to google it; weak passwords are a vulnerability.

Post any doubts or any results.
Thanks for reading,
I_Learning_I

virenderm01
Re: looking for a bruteforcer
« Reply #9 on: April 10, 2011, 11:35:26 am »
K.
Currently I'm back and will go back to college after a week. Till then I'm just learning and gathering more and more knowledge to make the penetration more of a success, and yeah, if I'm able to get the MD5 hash then I can definitely crack it because I have the option of guessing also. After all, I can get into the office too, and yeah, we all friends are into it so anyone can do shoulder picking also. ;)

Anyways, I should also get more info on Nikto, W3af and Acunetix. I have never had hands-on with this software.

Thanks for the advice, will keep you guys updated on what goes on next.


virenderm01
Re: looking for a bruteforcer
« Reply #10 on: May 03, 2011, 09:10:33 am »
Hey guys,
I would like to say thanks to all of you who helped, especially I_Learning_I.
I got great success in attacking the network.
I used all the software to get details of the vulnerabilities present in the network.
Well, it had medium-level vulnerabilities, but for my interest it supports sniffing, which makes it vulnerable to a man-in-the-middle attack.
We have static IP configuration and the DNS server for all is 192.168.0.1.
I just changed my IP to the 0 series and started sniffing.
I found the server IP is 192.168.0.2 :P
I poisoned it and bang! It worked; all the traffic flowing through it popped up in the password tabs.
I used Cain & Abel for it. ;D
Now the company that provides protection to our college is nebero. :)
You can have a look at their website www.nebero.com :'(
But the most foolish part was they encrypted the normal user with MD5 hashing but the admin password was in plain text; that made it feel like an ice cream for me. :o 8)
Now, for being on the good side, I told my college authorities about this, and that brings my new question for everyone out there:
How can they protect it?
Second, I did change the admin password, but in a minute he called nebero and they rechanged the password; this means I have access to the front end only, which only leads to temporary access. :-[ :-X :-\
What should I do to get into the backend and also maintain access?
I tried a port scan and found out port 650 is used for SSH. ;)
That's all the info from my side.
Can you guys sort this out for me or help me sort it?
Thanks. :D ;D
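
Added example, not part of the original thread: on a statically addressed LAN like the one described in the last post, ARP poisoning shows up as a known IP suddenly answering from a different MAC, or one MAC answering for several IPs. The sketch below checks ARP replies against pinned bindings; the two IPs are the ones named in the post, while the MAC addresses, the reply records and the function name are constructed for illustration.

```python
from collections import defaultdict

# Static bindings an admin would pin on a statically addressed LAN.
# IPs are the ones named in the post; MAC addresses are constructed.
PINNED = {
    "192.168.0.1": "00:11:22:33:44:01",
    "192.168.0.2": "00:11:22:33:44:02",
}

# Constructed ARP replies: (seconds, sender IP, sender MAC).
SAMPLE_REPLIES = [
    (0.0, "192.168.0.1", "00:11:22:33:44:01"),
    (1.0, "192.168.0.2", "00:11:22:33:44:02"),
    (5.0, "192.168.0.57", "00:11:22:33:44:57"),
    (9.0, "192.168.0.2", "00:11:22:33:44:57"),   # pinned IP claimed by another host
    (9.5, "192.168.0.1", "00:11:22:33:44:57"),
    (10.0, "192.168.0.2", "00:11:22:33:44:57"),  # repeat, reported only once
]

def detect_arp_anomalies(replies, pinned):
    """Return alerts for ARP replies that contradict pinned or first-seen bindings."""
    learned = dict(pinned)              # IP -> MAC we trust (pinned, else first seen)
    ips_by_mac = defaultdict(set)       # MAC -> every IP it has claimed
    for ip, mac in pinned.items():
        ips_by_mac[mac].add(ip)
    alerts, seen = [], set()
    for ts, ip, mac in replies:
        mac = mac.lower()
        known = learned.get(ip)
        if known is None:
            learned[ip] = mac           # first sighting of an unpinned host
        elif known != mac:
            kind = "pinned-mismatch" if ip in pinned else "binding-changed"
            if (kind, ip, mac) not in seen:
                seen.add((kind, ip, mac))
                alerts.append({"time": ts, "kind": kind, "ip": ip,
                               "expected": known, "seen": mac})
        ips_by_mac[mac].add(ip)
        # One MAC answering for several IPs; reported once, at first detection.
        if len(ips_by_mac[mac]) > 1 and ("multi-ip", mac) not in seen:
            seen.add(("multi-ip", mac))
            alerts.append({"time": ts, "kind": "multi-ip", "mac": mac,
                           "ips": sorted(ips_by_mac[mac])})
    return alerts
```

On managed switches the same idea is enforced in hardware by dynamic ARP inspection with static bindings, which drops the mismatching replies instead of only reporting them.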
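
Added example, not part of the original thread: the posts describe user passwords stored as MD5 (which Reply #8 notes can simply be searched for) and an admin password in plain text. One defensive fix is to move every record to a salted, slow hash the next time its owner logs in; the record format, function names, iteration count and sample accounts below are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
import re

ITERATIONS = 600_000  # assumed work factor; tune for the login server

def hash_password(password, salt=None):
    """Return 'pbkdf2$<iterations>$<salt hex>$<digest hex>' with a per-user salt."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return "pbkdf2${}${}${}".format(ITERATIONS, salt.hex(), dk.hex())

def classify(stored):
    """Guess the storage scheme from the record's shape.
    A plain-text password that is itself 32 hex characters would be misread as MD5."""
    if stored.startswith("pbkdf2$"):
        return "pbkdf2"
    if re.fullmatch(r"[0-9a-f]{32}", stored):
        return "md5"
    return "plaintext"

def verify_and_upgrade(password, stored):
    """Check a login attempt; return (ok, record_to_store).
    A successful login against a legacy record yields an upgraded record."""
    scheme = classify(stored)
    if scheme == "pbkdf2":
        _, iters, salt_hex, digest_hex = stored.split("$")
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(dk.hex(), digest_hex), stored
    if scheme == "md5":
        candidate = hashlib.md5(password.encode()).hexdigest()
    else:
        candidate = password
    ok = hmac.compare_digest(candidate.encode(), stored.encode())
    return ok, (hash_password(password) if ok else stored)

# Constructed sample records mirroring the thread: a user in MD5, the admin in plain text.
SAMPLE_DB = {
    "student1": hashlib.md5(b"example-user-pass").hexdigest(),
    "admin": "example-admin-pass",
}
```

Hashing the stored value protects it at rest only; the login form still needs TLS so the password is not readable by anyone sniffing the LAN.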