RE: bruteforce attacks to GUI applications

[Kenton Smith <listsks () yahoo ca>]

I haven't ever used it, but my understanding is that
Brutus does exactly what you say is Hollywood fiction.
http://www.hoobie.net/brutus/index.html

Kenton

--- m_r_welch () tiscali co uk wrote:

> Typically they don't. Either they attack the
> executable with a decompiler/dissembler
> and find where the password is stored, extract it
> and then bruteforce the
> encryption/hash directly, or if the gui sends the
> password across the network,
> they will aim to intercept the packets and then
> proceed as above, or alternatively
> write their own application to send brute-force
> forged requests against the
> server that stores the password. The hollywood
> stereotype vision of usernames
> and passwords being automatically entered into the
> gui is just that - a hollywood
> fiction.
>
> > -- Original Message --
> > Date: Wed, 09 Nov 2005 03:59:11 -0600
> > From: ework0 <ework0 () gmail com>
> > To: security-basics () securityfocus com
> > Subject: bruteforce attacks to GUI applications
> >
> >
> > hello, anyone know how can an intruder perform
> brute force attacks to a
> > GUI running application (ej: a password login) ?
> >
> > Let's assume the application is running on Java and
> the attacker is able
> > to log in locally, run GUI the application, and
> perform the attack from
> > the command shell with a wordlist, how is that
> possible?
> > Thanks,
> >
> > ework0
___________________________________________________________
> Tiscali Broadband from 14.99 with free setup!
> http://www.tiscali.co.uk/products/broadband/



        

        
                
__________________________________________________________ 
Find your next car at http://autos.yahoo.ca