Nmap Announce mailing list archives

Cracking basic auth -- clarification


From: Fyodor <fyodor () dhp com>
Date: Sun, 21 Nov 1999 10:47:15 -0500 (EST)


In my last message I asked about tools for cracking http basic auth
and sshd.  Several people found the question ambiguous.  Thus I
will clarify.  I am not talking about cracking the server side
.htpasswd password file (which is usually just crypt() or MD5).  Nor
am I talking about cracking a wire-sniffed basic auth password (which is
just mimencoded plain text).

What I am referring to is brute forcing a live server with a
dictionary attack.  There are a lot of special purpose programs out
there which will brute force authentication to a POP3 server, IMAP
server, CVS server, NNTP server, FTP, Telnet, NetBIOS/TCP, SSH, etc.
Unfortunately many of these tools are often slow, unreliable, and
lacking in common functionality.  The only mature applications near
this application space seem to be the cryptographic hash crackers that
work locally (Solar Designer's John the Ripper, Alec Muffett's Crack,
etc).

It seems like the time has come to combine these into a generic brute
force parallel cracking engine which utilizes relatively simple
modules to handle each of the network authentication protocols.
Perhaps one could start with a local cracker like John and extend it
to support networks.  This would allow leveraging of all the useful
password list generation code and bring the convenience of having
highly optimised local password cracking within the same
program/interface.

My question is whether anyone has worked on this yet for UNIX, or
whether I should start from scratch.  Even the Windows guys are
starting to develop these tools -- see Brutus
( http://www.hoobie.net/brutus/ ).  Sure, it is a slow, bloated,
binary-only Visual Basic Windows app.  But it is a start.

Am I the only one who is sick of having 10 different netauth crackers
with widely varying interfaces, capabilities, bugs, etc?  It reminds
me of the time when I used to have a directory full of half-scan,
pscan, bounce-scan, strobe, reflscan, udp-scan, etc.

Cheers,
Fyodor

--
Fyodor                            'finger pgp () pgp insecure org | pgp -fka'
Frustrated by firewalls?          Try nmap: http://www.insecure.org/nmap/
"Girls are different from hacking. You can't just brute force them if all
else fails." --SKiMo, quoted in _Underground_ (good book)