Security Basics mailing list archives
RE: bruteforce attacks to GUI applications
From: Kenton Smith <listsks () yahoo ca>
Date: Wed, 16 Nov 2005 11:37:49 -0500 (EST)
I haven't ever used it, but my understanding is that Brutus does exactly what you say is Hollywood fiction. http://www.hoobie.net/brutus/index.html Kenton --- m_r_welch () tiscali co uk wrote:
Typically they don't. Either they attack the executable with a decompiler/dissembler and find where the password is stored, extract it and then bruteforce the encryption/hash directly, or if the gui sends the password across the network, they will aim to intercept the packets and then proceed as above, or alternatively write their own application to send brute-force forged requests against the server that stores the password. The hollywood stereotype vision of usernames and passwords being automatically entered into the gui is just that - a hollywood fiction.-- Original Message -- Date: Wed, 09 Nov 2005 03:59:11 -0600 From: ework0 <ework0 () gmail com> To: security-basics () securityfocus com Subject: bruteforce attacks to GUI applications hello, anyone know how can an intruder performbrute force attacks to aGUI running application (ej: a password login) ? Let's assume the application is running on Java andthe attacker is ableto log in locally, run GUI the application, andperform the attack fromthe command shell with a wordlist, how is thatpossible?Thanks, ework0
___________________________________________________________
Tiscali Broadband from 14.99 with free setup! http://www.tiscali.co.uk/products/broadband/
__________________________________________________________ Find your next car at http://autos.yahoo.ca
Current thread:
- bruteforce attacks to GUI applications ework0 (Nov 09)
- RE: bruteforce attacks to GUI applications m_r_welch (Nov 15)
- RE: bruteforce attacks to GUI applications Kenton Smith (Nov 16)
- Re: bruteforce attacks to GUI applications ascii (Nov 17)
- RE: bruteforce attacks to GUI applications Kenton Smith (Nov 16)
- <Possible follow-ups>
- Re: bruteforce attacks to GUI applications m_r_welch (Nov 16)
- Re: bruteforce attacks to GUI applications Disco Jonny (Nov 17)
- Re: bruteforce attacks to GUI applications m_r_welch (Nov 16)
- Re: bruteforce attacks to GUI applications ascii (Nov 17)
- Re: bruteforce attacks to GUI applications Alloishus BeauMains (Nov 17)
- Re: bruteforce attacks to GUI applications mike preston (Nov 28)
- RE: bruteforce attacks to GUI applications m_r_welch (Nov 15)