Nytro Posted November 10, 2013 Report Posted November 10, 2013 [h=1]Beleth[/h]Beleth is a multi-threaded asynchronous SSH password auditing tool written in C. There are plenty of other password cracking programs out there that can do the job, but I wanted something small, fast, and custom as a proof of concept. After preliminary tests, Beleth was able to outperform both THC-Hydra and Ncrack. Beleth also allows you to run a remote command after successfully cracking a password. Pull requests are welcome as the development is an ongoing process. For a more in depth look at the code, check out Chokepoint development blog. [h=2]Disclaimer[/h] Beleth is a password auditing tool and should not be run against anyone else's system without receiving proper permission first. By using this application on a live connection, you do so at your own risk. [h=2]Get the source[/h] Beleth is available on github and will continue to be updated with new features. The only library dependency is LibSSH2. Included with Beleth is the 2012 Top 25 most used passwords list. $ git clone https://github.com/chokepoint/Beleth.git$ cd beleth$ make$ ./beleth -hUsage: ./beleth [OPTIONS] -c [payload] Execute payload on remote server once logged in -h Display this help -l [threads] Limit threads to given number. Default: 10 -p [port] Specify remote port -t [target] Attempt connections to this server -u [user] Attempt connection using this username -v -v (Show attempts) -vv (Show debugging) -w [wordlist] Use this wordlist. Defaults to wordlist.txt$ ./beleth -t 127.0.0.1 -u root -w wordlist.txt -c 'uname -a' -l 15+-----------------------------------------+| Beleth || www.chokepoint.net |+-----------------------------------------+[*] Read 25 passwords from file.[*] Starting task manager[*] Spawning 15 threads[*] Starting attack on root@127.0.0.1:22[*] Authentication succeeded (root:jesus@127.0.0.1:22)[*] Executing: uname -a[*] Linux eclipse 3.2.0-4-686-pae #1 SMP Debian 3.2.46-1+deb7u1 i686 GNU/Linux[*] Cleaning up child processes.Sursa: Beleth - Security101 - Blackhat Techniques - Hacking Tutorials - Vulnerability Research - Security Tools
ignore07 Posted January 23, 2014 Report Posted January 23, 2014 trebuie pus pe un root cu eth0 sau eth1 ?
malsploit Posted January 23, 2014 Report Posted January 23, 2014 (edited) Da!trebuie pus pe un root cu eth0 sau eth1 ?Am remarcat ca in ultima vreme am fost invadati de tot felul de indivizi, marea majoritate venind de pe irc (dupa vocabular). Ar fi de preferat ca cei care intra aici si doresc sa vanda ceva pe RST Market, sa aduca si un beneficiu acestei comunitati: un tutorial, o stire de securitate, un mic ajutor celorlalti utilizatori. Serios, aici nu e mercador.De asemenea, cand doresc sa vanda servere, sa spuna ce anume vand mai exact: server linux, distributie, model cpu, memorie. S-a umplut forumul de "vand root uid0 eth0". Ce saracia e asta fratilor? Eu o vad ca pe o bataie de joc si o sa incep sa dau warn-uri unde vad asa ceva. Invatati ce inseamna termenii pe care-i folositi!- root: Nu, nu este un server de scan. Este un utilizator cu drepturi depline intr-un sistem *nix- eth0: Reprezinta primul device de retea intr-un sistem linux. Va incomodeaza daca se numeste rl0, fxp0, em0, bge0?- uid0: Pai daca ati spus ca vindeti ROOT, poate el avea alt USER ID decat 0 ? E ca si cum ati spune ca vindeti masina cu volan si claxon. Edited January 23, 2014 by hate.me 1