Follow us on Twitter!
Capitalism is an Island of wealth in a sea of poverty
Sunday, April 20, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 32
Guests Online: 29
Members Online: 3

Registered Members: 82843
Newest Member: hx47
Latest Articles
View Thread

HellBound Hackers | Computer General | Hacking in general

Author

BruteForce...


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 18-11-05 02:14
Ok, So I Like To Break In, But With New Security such as SSL it makes bruteforcing new protocals had becuase of lack of programs, so i must ask, can anyone recommend a good SSH bruteforcer? for linux perferable... i know hydra will do it, but openssh library is shotty and won't let you do it...
Author

RE: BruteForce...

n3w7yp3
Member

Your avatar

Posts: 358
Location: USA
Joined: 19.03.05
Rank:
Moderate
Posted on 18-11-05 18:28
LOL, you've gotta be kidding me (sorry to be so mean, but here goes).

First off, the openssh (or ssh) libs *will* let you do it, just down load the ones that you need (run hydra's ./configure and it will link you).

But secondly, do you have a death wish? Haven't you been reading Incidents securityfocus mailing list? The days of SSH (and other SSL based protocols) hiding from an (N)IDS are *over*. SSH failed logins are now logged. So, if the admin sees 5,000 failed logins, you've pretty much set off the biggest alarm you ever could have.

Now, many people will say that bruteforcing is lame. Its actually a very common used practice during pen-tests and red-teaming events. But if you ever do it in the wild, you've fucked yourself.

Thats all i'm gonna say.....


"Root is a state of mind" -- K0resh
Author

RE: BruteForce...


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 19-11-05 02:05
oh... i know that SSH logs all, i run my own server and get many people trying to get in every day... i just want to do a pen-test on my server to test my users passwords... trust me, i know all about logs and that shit... i'm not retarded like those who try to get into my server, i've had 100 people try in 3 weeks and not a single person has every gotten in ...
Author

RE: BruteForce...


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 19-11-05 02:07
i havnt tried yet.. but just wait.. ill have some fun this break
Wink


Author

RE: BruteForce...


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 19-11-05 02:14
Frozen Flame, Bring it... My Password Is So Random, The Only Possability you have is if the psuedo-random algor. makes the password wrong... it's a 12 digit, from 96, password that changes every 12 hours... there are
3.9939223824273992215667642551956e+103 possablities for my password... Wink
Author

RE: BruteForce...

n3w7yp3
Member

Your avatar

Posts: 358
Location: USA
Joined: 19.03.05
Rank:
Moderate
Posted on 19-11-05 03:45
meh, PNG based crackers are fundamentally flawed....

Best way to attack an SSH deamon is to find and code your own 0-day....

BTW, you say that you have your own SSH server. Have you noticed how long it takes the attacker to run through one dictionary cycle? Hehe, just the amount fo time a bruteforce takes against SSH is a deterrent in itself....


"Root is a state of mind" -- K0resh
Author

RE: BruteForce...


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 19-11-05 04:29
yeah... i just had to know if you recommend any out there... TY for the help...