Wednesday, July 3, 2013

Passwords ... Hydra and Crunch have a date with your network .... Sema chipo

A fellow hacker friend complained ... yes Bright, you did :) ... about the use of John the Ripper as opposed to Crunch as the password generator when brute forcing with Hydra, so without much ado here is his opinion in a practical way :)

You can use a direct pipe between Crunch and Hydra, but Hydra tests passwords much more slowly than it receives them. So you have to use "xargs" as a buffer to feed the entries to Hydra one at a time:



# crunch: candidates of length 4 to 6 from the mixalpha charset; hydra: one run per candidate, -o /tmp/pass records any hit
crunch 4 6 -f charset.lst mixalpha | xargs -L1 hydra 127.0.0.1 ssh -s 22 -vV -l root -o /tmp/pass -e s -t 10 -p


The xargs "-L1" means the command (here hydra) is executed once for each line received (from Crunch, here). This may take some time because Hydra cannot launch multiple attacks at the same time this way, but when passwords are generated on the fly that is a problem you cannot avoid.
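From the other side of the wire, a guessing run like the one above shows up in sshd's log as a burst of "Failed password" lines from one source. This is an added example, not part of the original post: it parses constructed sshd log lines in OpenSSH's default syslog format and flags sources that exceed a sliding-window threshold (the threshold and window are assumptions).

```python
"""Flag SSH brute-force bursts in sshd logs (added example, not from the original post).

The log lines below are constructed samples in OpenSSH's default syslog format;
the threshold of 5 failures per 60 seconds is an assumed tuning value.
"""
import re
from collections import defaultdict
from datetime import datetime

# Matches sshd's failed-password line. Syslog timestamps carry no year,
# so one is assumed when parsing.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def parse_failures(lines, year=2013):
    """Yield (timestamp, source_ip, user) for each failed-password line."""
    for line in lines:
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["user"]

def brute_force_sources(lines, threshold=5, window_seconds=60):
    """Return {ip: total_failures} for every source that reaches `threshold`
    failures inside any sliding window of `window_seconds`."""
    by_ip = defaultdict(list)
    for ts, ip, _user in parse_failures(lines):
        by_ip[ip].append(ts)
    flagged = {}
    for ip, times in by_ip.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while (t - times[start]).total_seconds() > window_seconds:
                start += 1          # slide the window start forward
            if end - start + 1 >= threshold:
                flagged[ip] = len(times)
                break
    return flagged

# Constructed sample: one source hammering root every two seconds, one legitimate typo.
SAMPLE_LOG = [
    f"Jul  3 10:15:{s:02d} host sshd[4242]: Failed password for root from 192.0.2.10 port {50000 + s} ssh2"
    for s in range(0, 12, 2)
] + ["Jul  3 10:20:01 host sshd[4243]: Failed password for alice from 198.51.100.7 port 51234 ssh2"]

if __name__ == "__main__":
    print(brute_force_sources(SAMPLE_LOG))  # {'192.0.2.10': 6}
```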

Software Analysis/Cracking/Testing: its tricks and stupidity

Why so hush? Well, maybe because software developers don't have what it takes any more...
What do I mean? Is it that teachers and lecturers are failing would-be programmers and/or developers?
To me they already did that.... here is my two cents' worth..

We have classes, labs, training and development facilities, more than well equipped, but what's the downfall ... SECURITY (read: the practice), and why do I think/know so?

Recently I was offered a job to do a system analysis and pentest of an application, black box to be specific. Now, not one but two applications are what I will be comparing:

a SIMS (School Management Information System)
and
a RPOSS (Retail Point Of Sale System)

Now forget the acronyms; I will also refrain from mentioning their names due to infringement of some laws and client privilege, but hey, here we go.

Under my job/pentest description my client(s) wanted to deploy the software, but as trials to other users, using the most common method: the user tries out the product/service and the product expires after a certain period. Efficient? .... maybe.

So skipping on to the following .. the SIMS would be usable for a standard 10 days, then lock up completely, forbidding any user to interact with it, while the RPOSS would be usable for a speculated 60 days, then also lock up completely, forbidding access to the users totally...

Well, the two terms highlighted above (standard and speculated) work as follows: on the SIMS (standard) it actually had ten days from installation to be used (exactly 10 days), then it would act up.... then the RPOSS (speculated) actually had 60 (actually 58) turns to be initialized (opened), then it would lock up.

{skipping the whole long conversation here is how i went at them}

  • the first thing to do is install them.... (duuuh) > I normally make a backup of my registry (export) before any installation is done, and also do a regular process check to see what other/additional processes it/they will pull up.
  • the second thing is to check all the added files... for this I normally ensure I click "show full details" while installing, noting down any path different from the one I have set being added or created.
  • after install I usually export another registry from my computer so I can compare and assess all this on the required terms.
  • well >> we can't wait for 60 days or 10 days to actually see what happens, can we? Well, not in my case... any other analyst will probably fire up their expensive or complex tools and decompile the applications or library files or??? Anywho, a pal and fellow hacker, not to mention mentor (too much ass kissing ...? you should ... this guy is a god), Chucks, says every battle is won before it's fought.. so no tools...for now. First things first, forward the date to 61 days from then :) why 61 not 10 (go figure) so:
here is what i get 
SIMS--------------- [duration overdue please enter activation code or register with the software supplier]
(or something like that :) )
RPOSS------------ {still opens !!!!! }

hmmm ok so what happens with a backdate?
so I backdate the dates and start checking again.... response?

SIMS--------------- [duration overdue please enter activation code or register with the software supplier]
(or something like that :) )
RPOSS------------ {still opens !!!!! }

ok I think I'm missing something... but hey, it's too early to tell... why not check my registries .. here goes nothing (well, actually nothing is true, cos I find nothing). There are tonnes of registry editors that allow auto or manual compare ... I prefer manual ... if you wanna learn about how the registry works (google), meanwhile post a comment and I will see what I can do. ok.... moving on.

what about we check the activation method...
  1. can we bypass it?
  2. is it valid?
  3. what's its method?
I fire up my IDA Pro and decompile this little bugger (well, the RPOSS).
For the SIMS, it has a lot of .NET requirements when installing, so basically .NET Reflector works much better while I'm handling it... what does the RPOSS give us? (for confidentiality reasons I'm not allowed to print the screenshot of the code, but here's a fast forward) the method that handles the counter happens to save to a file!!!!! what???? what do you mean? an encrypted file? well, actually no, a *.cfg file. wow ok HOW LAZY. so what happens here.... well, let's open up the file ... a simple drag to gedit or kwrite (on Windows, notepad) gives us an open file with the number 12 in it... ok...so what if I change it to 0... still opens.... and to 70 or any number higher than 60? we get a warning/error [please register ***** as it was distributed without a license key] or something like that :)

amazing....so what ... one, we found a flaw, and I could go on about the numerous other issues on how the software/application was vulnerable, but let me spare the developers the embarrassment....

What methods could have solved this programmer/developer issue? and why did I attack the teachers/lecturers?
well, a lot of things... check that in my part two, where we crack* the second system, the SIMS
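The flaw found in the RPOSS above (a launch counter kept as a bare number in a .cfg file, so editing it back to 0 resets the trial), as an added example next to a tamper-evident variant that also catches the backdating trick tried earlier. This is illustration code, not the analysed software's; the file layout, the key and the 60-launch limit are assumptions.

```python
"""Trial launch counter: the plain-text .cfg weakness beside a tamper-evident variant.
Added example, not the analysed software's code; key, format and limit are assumptions."""
import hmac, hashlib, json, time

LIMIT = 60
KEY = b"example-key-embedded-in-binary"  # assumption; a key shipped in the client can be recovered

# --- weak: what the RPOSS did. Any text editor can set the number back to 0. ---
def weak_bump(text):
    """Read the bare count, add one launch; returns (allowed, new_file_text)."""
    n = int(text.strip()) + 1
    return n <= LIMIT, str(n)

# --- hardened: count and last-seen clock covered by an HMAC tag ---
def _tag(payload: bytes) -> str:
    return hmac.new(KEY, payload, hashlib.sha256).hexdigest()

def hardened_save(count, last_seen):
    """Serialise state plus its tag; this is what gets written to the .cfg file."""
    payload = json.dumps({"count": count, "last_seen": last_seen}).encode()
    return json.dumps({"data": payload.decode(), "tag": _tag(payload)})

def hardened_bump(text, now=None):
    """Returns (allowed, new_file_text). Refuses edited files and clock rollback."""
    now = int(time.time()) if now is None else now
    try:
        outer = json.loads(text)
        payload = outer["data"].encode()
        if not hmac.compare_digest(_tag(payload), outer["tag"]):
            return False, text           # file contents were edited: refuse to run
        state = json.loads(payload)
    except (ValueError, KeyError, TypeError, AttributeError):
        return False, text               # not our format at all (e.g. a bare "0")
    if now < state["last_seen"]:
        return False, text               # system clock set back: refuse to run
    count = state["count"] + 1
    return count <= LIMIT, hardened_save(count, now)

if __name__ == "__main__":
    print(weak_bump("12"))                               # (True, '13'): editing 12 -> 0 buys 60 more launches
    print(hardened_bump(hardened_save(12, 1000), now=1001)[0])  # True: genuine file
    print(hardened_bump("0", now=1001)[0])               # False: bare number is rejected
```

The tag only makes tampering detectable; because the key must live in the client, the robust fix is the activation step the SIMS message points at, verified by a server the client cannot edit.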

later CIAO

ARCHIVED

:) No longer posting, all articles should be treated as archived and outdated