Go Back   Xisp.org Forums > Porn Password Cracking > Tools of the Trade

Brute Force Tool

Reply
Views: 2433 - Replies: 5  
Thread Tools Display Modes

Brute Force Tool
Old 05-31-2007, 05:24 PM   #1
CrashTest
Guest
 
Posts: n/a
Threads: 5107
Post Brute Force Tool

A person can use this tool, combined with a cgi proxy or other program like a proxy filter to brute any data in a request sent to a sever. Comes with basic tutorial, but it can do a lot more. Most brute force apps I've seen are specifically for combos and post or get data. I'm trying this myself because I needed something to brute short basic authorization codes (user info encrypted) and session cookies. I'm optimistic but if anyone else has any info please post..

http://rapidshare.com/files/34510034/Crowbar.zip.html

no pass
  Reply With Quote

Old 05-31-2007, 07:31 PM   #2
slysnake
Cheshire Cat
 
slysnake's Avatar
 
slysnake is offline Offline
Join Date: Jan 2005
Posts: 5,505
Threads: 314
slysnake is on a distinguished road
Default

Is this your tool? It's new to me. I'll have a look
__________________
"How do you know I'm mad?" said Alice.
"You must be," said the Cat, "or you wouldn't have come here."
  Reply With Quote

Old 06-01-2007, 12:26 AM   #3
CrashTest
Guest
 
Posts: n/a
Threads: 5107
Default

No, not mine. I found this somewhere and thought it could be usefull. Also, It has a major disability (it cannot use a proxylist). I found a couple of ways around this.
  Reply With Quote

Old 06-01-2007, 01:04 PM   #4
sPlico
The sPlicster
 
sPlico's Avatar
 
sPlico is offline Offline
Join Date: Jan 2005
Location: Croatia
Posts: 9,486
Threads: 407
sPlico is on a distinguished road
Default

Can't use proxylist? what's the use then?
  Reply With Quote

Old 06-01-2007, 03:53 PM   #5
CrashTest
Guest
 
Posts: n/a
Threads: 5107
Default

there are a couple of different ways, but here's what I'm using:

Local proxy servers can send each request made by your computer using different a ip (auto rotate). So there is a proxy list; it's just used by the local proxy sever. The requests made by programs on you computer are modified before they are sent out; no program compatibility required.

this is my fav and it's freeware
PROXY FIREWALL (proxy-firewall.c0m)


here's a good and short pdf about hijacking sessions websites. No need for user name and pass.

http://rapidshare.com/files/34860001/SessionIDs.pdf.html

Last edited by CrashTest; 06-07-2007 at 12:14 AM..
  Reply With Quote

Old 06-06-2007, 11:45 PM   #6
CrashTest
Guest
 
Posts: n/a
Threads: 5107
Default

OK,

I had success with my test on basic authentication sites like: mike's apartment, bangbros, Lightspeed ... (turned combo list into a basic auth list using a base64 decoder and used crowbar to brute)


Now it's time to try the ocr sites using session info: (no need for something that can recognize characters in images, maybe EASIER OCR,AVS access)

I'm going to make out profiles for the sites, I'll need to login first to see what type of info I need to come up with. kinda like this.

Cookie: PHPSESSID=a775fc584432d6fb16ab125f6fc81601; path=/

(Anyone know what method is generally use to encode/encrypt this info; I just started searching)

I've read that some are a random string that use as a key to look up the session information.

P.S.
Anyone know what happened to the strongbox old admin login cred (died like everything else). Props to JaNlOk for the long list. And has there been success with other flaws.

Last edited by CrashTest; 06-07-2007 at 12:10 AM..
  Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump



All times are GMT -4. The time now is 10:11 PM.


vBulletin skin developed by: Xisp.org Crew
Powered by vBulletin®
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
2005 Copyright Xisp.org